Signing keys provides endpoints for managing cryptographic key pairs used to securely sign and verify tokens, such as JSON Web Tokens (JWTs), which are essential for authenticating and authorizing API requests in video-centric applications. Signing keys consist of a public and private key pair. The private key is used to sign tokens, while FastPix retains the public key to verify the authenticity of those tokens.
Private key: Used to create a digital signature. This key is kept secret and is only known to the signer.
Public key: Used to verify the digital signature. This key can be shared with anyone who needs to verify the authenticity of the signed message.
How Signing keys work
Signing keys are critical for securing access to video content, API resources, or other protected functionalities in your application. Developers can create, retrieve, manage, and delete signing keys through these endpoints, ensuring that their application follows secure token practices. By rotating and managing keys regularly, developers can prevent unauthorized access and maintain a robust security posture.
Use case scenarios
Token-based authentication: In a subscription-based video platform, tokens signed with private keys are used to verify that a user has access to premium content.
Key rotation for enhanced security: Teams can regularly rotate signing keys to reduce the risk of key compromise, ensuring only valid keys are used for signing tokens.
Protect intellectual property: Signing keys can ensure that your valuable media assets are not accessed or distributed without authorization.
Control media assets usage: Access can be restricted to specific users or groups, ensuring that assets are used only for approved purposes.
Prevent unauthorized modifications: Signing keys help verify that the requested asset has not been tampered with or modified in any way.
Implement time-bound access: Signed URLs can be set to expire after a certain period, allowing you to control the duration of access to your assets.