Guides
Login
Start typing to search…

Secure playback with signed URLs

Implement token-based signed URLs for secure video streaming with FastPix Player and custom domains.

FastPix uses JSON Web Tokens (JWTs) to provide secure, authenticated access to your media assets. This guide explains how to implement JWT-based authentication for both on-demand videos and live streams.


What is JWT-based authentication?

JWT-based authentication uses cryptographically signed tokens to verify that a request comes from an authorized source. Each token contains claims about the resource being accessed and includes a signature that FastPix validates before granting access.


How FastPix uses tokens

FastPix validates JWTs to authorize access to protected media resources. The validation process works as follows:

  1. Your application generates a JWT using your private signing key
  2. The client includes the JWT as a query parameter when requesting media
  3. FastPix validates the signature using your stored public key
  4. FastPix checks the token claims (expiration, audience, and permissions)
  5. If valid, FastPix serves the requested media

This approach ensures that only authorized requests can access your content, while keeping your signing keys secure on your backend.


Token usage for different resource types

Tokens provide authenticated access to multiple types of media assets. For on-demand content, you can use tokens to secure playback streams, thumbnail images, and spritesheet files.


Secure on-demand streams

For on-demand streaming, tokens play a key role in securing access to various assets. The token passed to playback-id for on-demand streams can be used for playback, thumbnail, and spritesheet.


Playback token: This token provides authenticated access to the main video content. It kicks off the playback, ensuring the video is streamed securely in the FastPix Player.

Example playback URL:

https://stream.fastpix.io/{playbackId}.m3u8?token={JWT}

For an alternative token-based approach using JSON Web Tokens, see Secure playback with JWTs.


Thumbnail token: Used to securely access thumbnail images tied to the video. Allows fetching of thumbnail previews to improve the visual experience in the player interface.

Example thumbnail URL:

https://images.fastpix.io/{playbackId}/thumbnail.jpg?token={JWT}

Spritesheet token: Grants access to spritesheets for animations and interactive elements like timeline hover previews.

Example spritesheet URL:

https://images.fastpix.io/{playbackId}/spritesheet.jpg?token={JWT}

Create Private Media from the Dashboard

Use private media to control access to sensitive or restricted videos. When a video is marked as private, it can only be played using authenticated or signed URLs.

  1. Add a new media from the FastPix dashboard, go to Media > Create first media (or Add new media) to open the Add Media dialog.
Using Google Drive link to upload
  1. Set the access policy for the media in the Add new media dialog, select Pull Video to upload your media using a video URL.
    Set the "accessPolicy" parameter to "private" to restrict playback access.

NOTE:

You can also apply this setting when using Push Video (direct upload) by changing the "accessPolicy" parameter to "private" in the request.

Using Google Drive link to upload
  1. Confirm upload and view media details after uploading, your media appears on the Media Details page. A lock icon and the message “No public playback ID for previewing” confirm that the media is private.
Using Google Drive link to upload

NOTE:

Changing a media item to private does not revoke already-issued public playback URLs. If you need immediate revocation, update the playback policy or regenerate playback IDs as supported by your workspace settings.


Passing a token to FastPix Player for on-demand streams

To play private videos in FastPix player integrate a token with the fastpix-player component for on-demand streams, you can include it in the player setup like this:


<fastpix-player  
  playback-id="playback-id"  
  token="{JWT}" 
  stream-type="on-demand" 
/>

Replace playback-id with the actual playback ID of your video and JWT with your generated JSON Web Token.


Secure live streams

For live streaming, playback tokens secure real-time content delivery with authenticated access


Example signed playback stream URL:

https://stream.fastpix.io/{playbackId}.m3u8?token={JWT}

Tips on dynamic token management

Managing your tokens effectively is crucial for smooth media access and maintaining security. Here are some tips:

  • Handle token expiration: Implement mechanisms to handle expired tokens gracefully, so your stream isn’t interrupted.
  • Renew tokens automatically: Set up an automated process to renew tokens when needed or prompt users to refresh them as required.
  • Control permissions: Assign permissions based on user roles or subscription levels to limit unauthorized access and uphold your security policies.

Security best practices

Protecting your tokens and ensuring secure streaming involves following some essential practices:

  • Secure transmission: Always use HTTPS to encrypt your token data during transmission. This prevents interception and ensures that your data stays safe.
  • Limit token scope: Be precise about what a token can do. Limit the scope to specific functionalities, like playback or thumbnails, to minimize risk and stick to the principle of least privilege.

Playback signed URLs with custom domains

FastPix Player supports using signed URLs with custom domains, which allows you to personalize your media delivery while keeping security tight. This part explains how to combine signed URLs and custom domains for optimal streaming.


Custom domain signed URL examples


Playback stream:

https://<custom-domain>/${playbackId}.m3u8?token={JWT}

Thumbnail:

https://<custom-domain>/${playbackId}/thumbnail.jpg?token={JWT}

Spritesheet:

https://<custom-domain>/${playbackId}/spritesheet.jpg?token={JWT}

Configure the FastPix Player: To set up the player with a custom domain, specify the custom-domain attribute:

<fastpix-player  
  playback-id="PLAYBACK_ID"  
  token="JWT" 
  custom-domain="media.example.com"  
></fastpix-player>

Benefits of using signed URLs with custom domains

Enhanced branding: Display media assets from your own domain (for example, media.example.com), this builds trust and reinforces your brand identity.

Improved performance: You can utilize CDNs linked with your custom domain for faster, more reliable media delivery.

Secure access: Continue to ensure that only authorized users can view your content using signed URLs.



Updated about 21 hours ago