Stream url tokens

To secure the link to your media we have developed a token system. You can calculate a hash using a secret token you can find in de API menu in the Jet-Stream platform interface.

By keeping your secure token private you will be the only one that can hand out player or media URL's to your viewers, preventing deeplinking and other unauthorized use.

Code examples

JavaScript
Python
PHP

import MD5 from "crypto-js/md5";

function calculateToken(filename, secret_token) {
    let timestamp = Math.floor(Date.now() / 1000);
    let raw_hash = MD5(timestamp.toString() + filename + secret_token);
    return timestamp.toString(16) + "|" + raw_hash.toString();
}

def calculate_token(filename, secret_token):
    time = int(datetime.datetime.now().strftime('%s'))
    timehex = hex(time).replace('0x','')
    token = hashlib.md5(''.join([str(time), str(filename), secret_token]))
    return timehex + '|' + token.hexdigest()

function calculate_token($filename, $secret_token) {
    $timestamp = time();
    $timestamp_hex = sprintf("%08x", $timestamp);
    return $timestamp_hex . "|" . md5($timestamp . $filename . $secret_token);
}

You can copy the examples right into your own codebase. Please make sure you don't expose the secure token in public. Like when checking your sourcecode in to Git.

Interactive code example

This code example runs local in the browser. It is safe to use this to double check your implementation using your own secret token.

The provided example is in React because we use Docusaurus as our documentation tool.

Live Editor

// Make sure you have imported import MD5 from crypto-js
// import MD5 from "crypto-js/md5";

function Example(props) {
    // Example variables
    let example_url = "https://rrr.sz.xlcdn.com/?account=demo&file=sintel-surround.smil&type=streaming&service=wowza&poster=sintel-surround.jpg&output=player";
    let example_secret_token = "6I3y5QJTz8l0Vp34sr5QPyLJcwFx2vV7QfDtJYBK6c3pzeGFY4lp77eVqeRHO4sb36gEqxbqjwCJ6k40z6Ur1NxAmBf9W1jp84cQGsO5uupTX76e7GunR2o3Kpf7F4Db";

    // State handlers
    const [player_url, setPlayerUrl] = useState(example_url);
    const [secret_token, setToken] = useState(example_secret_token);
    const [filename, setFilename] = useState("");
    const [timestamp, setTimestamp] = useState(Math.floor(Date.now() / 1000));
    const [timestamp_hex, setTimestampHex] = useState("");
    const [hash, setHash] = useState("");
    const [final_token, setFinalToken] = useState("");
    const [final_player_url, setFinalPlayerUrl] = useState("");

    // React to state changes
    useEffect(() => {
        // Convert the timestamp to a hex sting
        setTimestampHex(timestamp.toString(16));

        // Parse the url parameters and set the file variable
        let searchParams = new URLSearchParams(player_url.split("?")[1]);
        setFilename(searchParams.get('file'));

        // Make the secure hash and set the hash variable
        let raw_hash = MD5(timestamp.toString() + filename + secret_token);
        setHash(raw_hash.toString());

        // Combine the timestamp and the hash separated by a |
        setFinalToken(timestamp_hex + '|' + hash);

        // Append the token to the url parameters and set the final url
        searchParams.append('token', final_token);
        setFinalPlayerUrl(player_url.split("?")[0] + '?' + searchParams.toString());
    });

    return <>
      <label><strong>Player URL:</strong></label><br/>
      <textarea id={"player_url"} onChange={e => setPlayerUrl(e.target.value)} style={{'width': "100%"}}>
          {player_url}
      </textarea>

      <label><strong>Secret Token:</strong></label><br/>
      <textarea id={"token"} onChange={e => setToken(e.target.value)} style={{'width': "100%"}}>
          {secret_token}
      </textarea>

      <label><strong>Timestamp:</strong></label><br/>
      <input id={"timestamp"} style={{'width': "100%"}}
             value={timestamp} onChange={e => setTimestamp(e.target.value)} />
      <input type={"button"} value={"Set to current time"} onClick={() => setTimestamp(Math.floor(Date.now() / 1000))}/>
      <br/>

      <h3>Result:</h3>
      <pre>
        timestamp_hex:<br/>
        <strong>{timestamp_hex}</strong><br/><br/>

        filename:<br/>
        <strong>{filename}</strong><br/><br/>

        hash:<br/>
        <strong>{hash}</strong><br/><br/>

        final_token:<br/>
        <strong>{final_token}</strong><br/><br/>

        final_player_url:<br/>
        <strong>{final_player_url}</strong>
      </pre>
    </>;
}

// Make sure you have imported import MD5 from crypto-js
// import MD5 from "crypto-js/md5";

function Example(props) {
    // Example variables
    let example_url = "https://rrr.sz.xlcdn.com/?account=demo&file=sintel-surround.smil&type=streaming&service=wowza&poster=sintel-surround.jpg&output=player";
    let example_secret_token = "6I3y5QJTz8l0Vp34sr5QPyLJcwFx2vV7QfDtJYBK6c3pzeGFY4lp77eVqeRHO4sb36gEqxbqjwCJ6k40z6Ur1NxAmBf9W1jp84cQGsO5uupTX76e7GunR2o3Kpf7F4Db";

    // State handlers
    const [player_url, setPlayerUrl] = useState(example_url);
    const [secret_token, setToken] = useState(example_secret_token);
    const [filename, setFilename] = useState("");
    const [timestamp, setTimestamp] = useState(Math.floor(Date.now() / 1000));
    const [timestamp_hex, setTimestampHex] = useState("");
    const [hash, setHash] = useState("");
    const [final_token, setFinalToken] = useState("");
    const [final_player_url, setFinalPlayerUrl] = useState("");

    // React to state changes
    useEffect(() => {
        // Convert the timestamp to a hex sting
        setTimestampHex(timestamp.toString(16));

        // Parse the url parameters and set the file variable
        let searchParams = new URLSearchParams(player_url.split("?")[1]);
        setFilename(searchParams.get('file'));

        // Make the secure hash and set the hash variable
        let raw_hash = MD5(timestamp.toString() + filename + secret_token);
        setHash(raw_hash.toString());

        // Combine the timestamp and the hash separated by a |
        setFinalToken(timestamp_hex + '|' + hash);

        // Append the token to the url parameters and set the final url
        searchParams.append('token', final_token);
        setFinalPlayerUrl(player_url.split("?")[0] + '?' + searchParams.toString());
    });

    return <>
      <label><strong>Player URL:</strong></label><br/>
      <textarea id={"player_url"} onChange={e => setPlayerUrl(e.target.value)} style={{'width': "100%"}}>
          {player_url}
      </textarea>

      <label><strong>Secret Token:</strong></label><br/>
      <textarea id={"token"} onChange={e => setToken(e.target.value)} style={{'width': "100%"}}>
          {secret_token}
      </textarea>

      <label><strong>Timestamp:</strong></label><br/>
      <input id={"timestamp"} style={{'width': "100%"}}
             value={timestamp} onChange={e => setTimestamp(e.target.value)} />
      <input type={"button"} value={"Set to current time"} onClick={() => setTimestamp(Math.floor(Date.now() / 1000))}/>
      <br/>

      <h3>Result:</h3>
      <pre>
        timestamp_hex:<br/>
        <strong>{timestamp_hex}</strong><br/><br/>

        filename:<br/>
        <strong>{filename}</strong><br/><br/>

        hash:<br/>
        <strong>{hash}</strong><br/><br/>

        final_token:<br/>
        <strong>{final_token}</strong><br/><br/>

        final_player_url:<br/>
        <strong>{final_player_url}</strong>
      </pre>
    </>;
}

Result

Check your implementation

You can actually use the above code sample to check the tokens you have generated yourself.

The input fields in the example are actually working, so if you enter your own parameters it will update the result section.

Token validity

The token you generate will be valid for 5 minutes. If you need a longer validity, lets say, 10 minutes, you can generate the timestamp with an additional 600 seconds. Our platform will validate the token since it is not more than 5 minutes (300 seconds) in the past.

JavaScript
Python
PHP

import MD5 from "crypto-js/md5";

function calculateToken(filename, secret_token) {
  let timestamp = Math.floor(Date.now() / 1000);

  // Adding the 10 minutes
  timestamp = timestamp + (10 * 60);

  let raw_hash = MD5(timestamp.toString() + filename + secret_token);
  return timestamp.toString(16) + "|" + raw_hash.toString();
}

def calculate_token(filename, secret_token):
  time = int(datetime.datetime.now().strftime('%s'))

  # Adding the 10 minutes
  time = time + (10 * 60)

  timehex = hex(time).replace('0x','')
  token = hashlib.md5(''.join([str(time), str(filename), secret_token]))
  return timehex + '|' + token.hexdigest()

function calculate_token($filename, $secret_token) {
  $timestamp = time();

  // Adding the 10 minutes
  $timestamp = $timestamp + (10 * 60);

  $timestamp_hex = sprintf("%08x", $timestamp);
  return $timestampHex . "|" . md5($timestamp . $filename . $secret_token);
}

Code examples​

Interactive code example​

Check your implementation​

Token validity​

Code examples

Interactive code example

Check your implementation

Token validity