tencent cloud

All product documents
Cloud Streaming Services
DocumentationCloud Streaming ServicesConsole GuideDomain ManagementPlayback Domain Name ManagementPlayback Authentication Configuration
Playback Authentication Configuration
Download PDF
Last updated: 2024-06-19 16:08:10
Playback Authentication Configuration
Last updated: 2024-06-19 16:08:10
Download PDF

Overview

By default, the content of Cloud Streaming Services (CSS) is publicly accessible, allowing you to view the live streaming content as soon as you obtain the playback address. If you require access control over the live streaming content during the use of Live Video Broadcasting (LVB) or Live Event Broadcasting (LEB), this can be achieved through authentication settings to protect the content of the live streaming resources. Key authentication is used to generate the authentication txSecret field in the live streaming address, which can prevent unauthorized use of the live streaming due to domain name leaks. We recommend that you enable the key authentication feature to enhance the security of your live streaming content.

How to Configure

To enable URL authentication, a CSS user needs to generate an encrypted URL and provide it to other users. When a user requests content using the encrypted URL from a CSS acceleration node, the node will check the authentication information of the request to determine whether the request is valid. If it is, the node will return the content normally; otherwise, the node will reject the request, protecting your live streaming content.

Prerequisites

CSS has been activated, and you have logged in to the CSS console.
You have added a playback domain name.

Enabling Key Authentication

1. Select Domain Management and click the playback domain name for which you want to enable authentication or click Manage to enter the domain name management page.



2. In the Access control > Key Authentication section, click

to enable key authentication.

3. Complete the following settings on the authentication configuration page:

Configuration Item
Description
Primary Key
When configuring a primary key for authentication, based on your actual needs and security policy, you can select a primary key randomly generated by the system, or enter a custom primary key, for example, test.
It supports only uppercase letters, lowercase letters, and digits, with a maximum length of 256 characters.
Backup Key
When configuring a backup key for authentication, based on your actual needs and security policy, you can select a backup key randomly generated by the system, or enter a custom backup key, for example, testing.
It supports only uppercase letters, lowercase letters, and digits, with a maximum length of 256 characters.
Validity Time (s)
It supports only integers.
Enter the signature validity period, such as 20.
Note:
Playback authentication of a playback domain name is disabled by default.
Authentication Key : It includes a primary key (required) and a backup key (optional). You can switch smoothly to the backup key if your primary key is disclosed.
4. Click Save to save the configuration.

Modifying Key Authentication

1. Select Domain Management, and click the playback domain name that requires authentication configuration or click Manage to enter the domain name management page.



2. In the Access control > Key Authentication section, click Edit to enter the key authentication configuration page.



3. Modify the configuration item information according to your actual needs, and click Save to complete the modification.

Disabling Key Authentication

Note:
When you choose to disable key authentication, make sure you understand the risks involved. Disabling key authentication may expose your live streaming service to piracy, resulting in additional service fees. Therefore, we recommend that you keep key authentication enabled to protect your live streaming content.
After Enabling Key Authentication, if you need to disable this feature, follow these steps:
1. Select Domain Management, and click the playback domain name that requires authentication configuration or click Manage to enter the domain name management page.



2. In the Access control > Key Authentication section, click

to disable key authentication.

3. Before disabling key authentication, confirm once more if you really wish to proceed. If you understand and accept the risks, click Confirm to proceed.

Note:
After authentication is enabled for the playback domain name, the original playback URL will be inaccessible and an error 403 will be returned. Before enabling this feature, please make sure that your live streaming platform is compatible with the following authentication algorithm so that your streaming services will not be affected.

Example

Original playback URL:
http://www.test.com/live/test01.flv
The authentication parameters configured are as follows:
Primary key: ngoeiq03
Backup key: -
Validity period: 12495 seconds
Note:
If you have enabled authentication, the actual expiration time of a URL will be txTime plus the validity period of the key.
For the sake of convenience, the time you set in the console is the actual expiration time. If you have enabled authentication, the system will calculate the txTime when generating playback URLs.
If you use FLV or RTMP methods to start pulling the stream before the expiration time, the stream will be maintained normally as long as the connection is not interrupted or stopped, even if the expiration time has passed.
If you use the HLS method to start pulling the stream before the expiration time, the stream will be stopped when the expiration time is reached.
Timestamp calculation:
Setting time: 2018.12.01 08:30:00
Decimal Unix timestamp: 1543624200
Hexadecimal Unix timestamp: 5C01D608 (case-insensitive). CSS uses hexadecimal timestamps for authentication.
Authentication signature calculation:
txSecret = MD5(key+StreamName+txTime) 
StreamName is the stream name, which is the same as the StreamID
txTime is the timestamp
key is the authentication key
txSecret = MD5(ngoeiq03+test01+5C01D608)
txSecret = MD5(ngoeiq03test015C01D608)
txSecret = ce797dc6238156d548ef945e6ad1ea20
New playback URL:
http://www.test.com/live/test01.flv?txSecret=ce797dc6238156d548ef945e6ad1ea20&txTime=5C01D608
The expiration time of this URL is 2018.12.01 08:30:00 + 12495 seconds, i.e., 2018.12.01 11:58:15 Beijing time. If authentication fails or the URL expires, CSS will return 403.

Was this page helpful?
You can also Contact Sales or Submit a Ticket for help.
Yes
No

Feedback

Contact Us

Contact our sales team or business advisors to help your business.

Contact Us
Technical Support

Open a ticket if you're looking for further assistance. Our Ticket is 7x24 available.

Submit a Ticket
7x24 Phone Support
Hong Kong, China
+852 800 906 020 (Toll Free)
United States
+1 844 606 0804 (Toll Free)
United Kingdom
+44 808 196 4551 (Toll Free)
Canada
+1 888 605 7930 (Toll Free)
Australia
+61 1300 986 386 (Toll Free)
EdgeOne hotline
+852 300 80699
More local hotlines coming soon