Secure Token
Overview
Secure tokens protect your content by generating a unique hash that prevents unauthorized access to your URL or file. To enable the secure token feature, contact the VP Player Support Team. They will provide you with the necessary access to enable it. Once enabled, you will receive a key that is used in the process of generating secured links.
Main Functions
Secure tokens allow you to generate time-sensitive links to your live stream, effectively protecting your content. The generated secure links are valid only within a predefined time window and can only be accessed by visitors who have the link containing the secure hash. It is impossible to request secured content without a valid (non-expired) hash. After the expiration time, the links become inactive, and new ones must be generated to request the secured content again.
Hash
The secure token generator uses the MD5 message-digest algorithm to create a 128-bit hash value.
Specifying the Secure Token Path
If you plan to enable secure tokens, you must correctly generate URLs to access your files. This process is detailed in this documentation.
1. Obtain Access
- First, request access from the VP Player Support team. They will provide you with a secure token, which you will use in the configuration process.
2. Configuring the URL
- Locate the video asset's file path, such as
/encode/{videoId}/hls/master_file.m3u8 - Use the CDN resource URL for your project, which typically resembles:
https://cdn.vpplayer.tech/projectid/.
3. Optional Settings
- Expiration Time: Set a specific expiration time for the secure token.
- IP Restriction: Lock the link to a specific IP address if needed.
Path Method
This method demonstrates how to create secure URLs using the file path, embedding the token directly within the path structure.
/**
* @param {string} cdnResourceUrl - The base URL of the CDN resource.
* @param {string} filePath - The relative file path of the resource.
* @param {string} secureToken - The secret token used for signing.
* @param {number|null} [expiryTimestamp=null] - Optional expiry timestamp for the signed URL.
* @returns {string} - The generated signed URL.
*/
const getSignedUrlPath = (cdnResourceUrl, filePath, secureToken, expiryTimestamp = null) => {
// Ensure filePath starts with a '/' if it's missing
if (!filePath.startsWith('/')) filePath = '/' + filePath;
// Extract and ensure the path starts with a '/'
let strippedPath = filePath.substring(0, filePath.lastIndexOf('/'));
if (!strippedPath.startsWith('/')) strippedPath = '/' + strippedPath;
// Construct the hash string
const hash = expiryTimestamp
? `${expiryTimestamp}${strippedPath}${secureToken}`
: `${strippedPath}${secureToken}`;
// Generate MD5 hash and encode in Base64
const md5Hash = CryptoJS.MD5(hash).toString(CryptoJS.enc.Base64);
// Replace characters to make the hash URL-safe
const finalHash = md5Hash.replace(/\+/g, '-').replace(/\//g, '_');
// Construct and return the signed URL
return `https://${cdnResourceUrl}/${finalHash},${expiryTimestamp || ''}${filePath}`;
};
Example Outputs:
const url = getSignedUrlPath(
'your-source-url.vpplayer.tech',
'/file/playlist/d.m3u8',
'ykX1HJEYJFObfy3tfSn8',
1324032526
);
console.log(url);
// Output: https://your-source-url.vpplayer.tech/z--FA_CsNsR2TOV2eg9q4w==,1324032526/file/playlist/d.m3u8
Generate secure token links for an IP address
This method outlines how to use secure tokens with an additional IP address parameter, allowing you to restrict a specific link to a designated IP address while embedding the token. Ensure the secure tokens are set to Path when using this feature.
/**
* @param {string} cdnResourceUrl - The base URL of the CDN resource.
* @param {string} filePath - The relative file path of the resource.
* @param {string} secureToken - The secret token used for signing.
* @param {number|null} expiryTimestamp - Optional expiry timestamp for the signed URL.
* @param {string} ip - Optional IP address to restrict access.
* @returns {string} - The generated signed URL.
*/
const getSignedUrlPath = (cdnResourceUrl, filePath, secureToken, expiryTimestamp = null, ip = '') => {
// Ensure filePath starts with a '/' if it's missing
if (!filePath.startsWith('/')) filePath = '/' + filePath;
// Extract and ensure the path starts with a '/'
let strippedPath = filePath.substring(0, filePath.lastIndexOf('/'));
if (!strippedPath.startsWith('/')) strippedPath = '/' + strippedPath;
// Construct the hash string
let hash = expiryTimestamp
? `${expiryTimestamp}${strippedPath}${ip ? ip + ' ' : ''}${secureToken}`
: `${strippedPath}${ip ? ip + ' ' : ''}${secureToken}`;
// Generate MD5 hash and encode in Base64
const md5Hash = CryptoJS.MD5(hash).toString(CryptoJS.enc.Base64);
// Replace characters to make the hash URL-safe
const finalHash = md5Hash.replace(/\+/g, '-').replace(/\//g, '_');
// Construct the signed URL
return `https://${cdnResourceUrl}/${finalHash},${expiryTimestamp || ''}${filePath}`;
};
Example Outputs:
const url = getSignedUrlPath(
'your-source-url.vpplayer.tech',
'/file/playlist/d.m3u8',
'ykX1HJEYJFObfy3tfSn8',
1324032526,
'1.2.3.4'
);
console.log(url);
// Output: https://your-source-url.vpplayer.tech/z--FA_CsNsR2TOV2eg9q4w==,1324032526/file/playlist/d.m3u8
The secure token generator examples provided above are written in JavaScript, but you can adapt them for use in other programming languages of your choice. By modifying the snippets to match the syntax and libraries of your preferred language, you can implement the same secure token feature seamlessly.