Skip to main content

Encryption

tip

This documentation is very-very fresh, so if you are getting lost, you are very welcome to contact hi@pathfindr.dev and we will help you out!

All communication between the player and our servers is secured by HTTPS default, but i you would like to add another layer of security, we support AES-128 encrypted streams as well.

What you'll need

info

requires @pathfindr.dev/player@^2.0.0

The process is very similar to the one described in media streams - so please read through that, if you haven't done it yet.

Now you need to add one more parameter to the request:

--form 'protected=1'  # remember the \ at the end of previous line!

This will provide you with an url that you can directly place into the player, which will retrieve the encrypted streams and the encryption keys from our VOD server. If you want to go a step further, you can host the encryption key yourself, thus gaining the ultimate control over who can watch the video.

Self hosted key

Hosting the encryption key yourself, gives you most control over who can watch the video, as you can authenticate the user yourself, and only serve the key if the user is allowed to watch the video. This will also prevent the user from sharing the video link with others.

Being the safest method to playback videos also requires a bit more sophistication to implement it.

  1. First add to your access token request:
--form 'protected=1' # remember the \ at the end of previous line!
--form 'key_url="https://give-me-the-key.please.com/file_uuid/token/some-other-parameters"'

This will provide you with a key in the response (beside all the other parameters)

{
    "key": "jiberrishxx==",
}

This key is a unique encryption key for the media file, which you will have to store and serve whenever the player (on your frontend) requests it.

info

The key is a base64 encoded string, which you will have to decode before serving it to the player!!!

  1. You need to create a service which will serve the key. The implementation is up to you but we recommend creating a route on your server, which will take the access token and the media file uuid as parameters, check if the user is allowed to access the video, and if yes, serve the key.

  2. The rest is all handled without your intervention: the player will pick the best video quality for your connection and download the encrypted video chunks and request the key from your server to decrypt the video.

Now whenever the video is played, the player will regularly send requests to your designated server, to retrieve the key.

caution

Leaking the key allow malicious actors will allow the to decrypt the stream, so please keep it safe!