tencent cloud

PrevNext

Feedback

search by keyword

Recent Pages

Documentation
Cloud Streaming Services
    Documentation
    Download PDF

    Playback Authentication Configuration

    Last updated: 2023-10-08 14:22:34
    Download PDF

      Overview

      The content on CSS is open by default. Anyone with a playback address can access the content. To control access to your live streaming content, you can enable playback authentication.

      How to Configure

      To enable playback authentication, you need to generate an encrypted URL and provide it to end users. When an end user requests content using the encrypted URL from a CSS cache node, the node will check the authentication information of the request to determine whether it is valid. If it is, the node will return the content; otherwise, it will reject the request, protecting your live streaming content from unauthorized access.

      Prerequisites

      You have logged in to the CSS console.
      You have added a playback domain name.

      Directions

      1. Select Domain Management and click the playback domain for which you want to enable authentication or click Manage.
      2. Click Access Control and, in the Key Authentication area, click Edit.
      3. Complete the following settings on the authentication configuration page:
      3.1 Click the switch next to Playback Authentication to enable playback authentication.
      3.2 Enter a custom primary key, such as testlive.
      3.3 (Optional) Enter a custom backup key, such as testing.
      3.4 Enter the signature validity period, such as 20.
      3.5 Click Save to save the configuration.
      Note
      Playback authentication of a playback domain name is disabled by default.
      Authentication Key: It is user-defined and can contain uppercase and lowercase letters and digits. It includes a primary key (required) and a backup key (optional). You can switch smoothly to the backup key if your primary key is disclosed.
      Validity Period: The validity period of the signature only supports integers.
      
      
      
      Caution
      After authentication is enabled for the playback domain name, the original playback URL will be inaccessible and an error 403 will be returned. Before enabling this feature, please make sure that your live streaming platform is compatible with the following authentication algorithm so that your streaming services will not be affected.

      Example

      Original playback URL:
      http://www.test.com/live/test01.flv
      The authentication parameters configured are as follows:
      Primary key: ngoeiq03
      Backup key: -
      Validity period: 12495 seconds
      Caution
      If you have enabled authentication, the actual expiration time of a URL will be txTime plus the validity period of the key.
      For the sake of convenience, the time you set in the console is the actual expiration time. If you have enabled authentication, the system will calculate the txTime when generating playback URLs.
      If you use FLV or RTMP methods to start pulling the stream before the expiration time, the stream will be maintained normally as long as the connection is not interrupted or stopped, even if the expiration time has passed.
      If you use the HLS method to start pulling the stream before the expiration time, the stream will be stopped when the expiration time is reached.
      Timestamp calculation:
      Setting time: 2018.12.01 08:30:00
      Decimal Unix timestamp: 1543624200
      Hexadecimal Unix timestamp: 5C01D608 (case-insensitive). CSS uses hexadecimal timestamps for authentication.
      Authentication signature calculation:
      txSecret = MD5(key+StreamName+txTime) 
      StreamName is the stream name, which is the same as the StreamID
      txTime is the timestamp
      key is the authentication key
      txSecret = MD5(ngoeiq03+test01+5C01D608)
      txSecret = MD5(ngoeiq03test015C01D608)
      txSecret = ce797dc6238156d548ef945e6ad1ea20
      New playback URL:
      http://www.test.com/live/test01.flv?txSecret=ce797dc6238156d548ef945e6ad1ea20&txTime=5C01D608
      The expiration time of this URL is 2018.12.01 08:30:00 + 12495 seconds, i.e., 2018.12.01 11:58:15 Beijing time. If authentication fails or the URL expires, CSS will return 403.
      
      Contact Us

      Contact our sales team or business advisors to help your business.

      Contact Us
      Technical Support

      Open a ticket if you're looking for further assistance. Our Ticket is 7x24 avaliable.

      Submit a Ticket
      7x24 Phone Support
      Copyright © 2013-2024 Tencent Cloud. All Rights Reserved.
      Privacy PolicyLegalCookie Policy