Authentication Flow

N.B - This is the authentication schema that customers should use when integrating into the Streaming API from the US or Canada

Every API call is authenticated using server-side generation of an API token. This token is created using a HMAC SHA256 hash of your API secret and other variables described in the Token Creation page. The token is then passed to the client-side code as a hexadecimal string, so that the client-side code can perform an authenticated request to the Streaming API.

Your API secret should never be exposed to the public. In case of abuse, or if you have reasons to believe your API secret has been exposed, please contact the Integrations team to request a new secret.

Authentication Flow Diagram

As shown, the end-to-end authentication flow is as follows:

The end-user (client) wants to view content. In order to make this request, the client must have a valid authentication token. The client requests this authentication token from the operator’s back-end.
The operator's back-end/server generates a token and returns it to the client. This token should have the operator secret, ip address of the client, and the timestamp hashed into it.
The client makes a request to the Streaming API for a playback URL.
The stream URLs are passed to the operator’s video player.

This change should only be made for requests to the Streaming API

PreviousChanges from Regular Integration NextToken Creation

Last updated 2 years ago