Securetoken Authorization

Protects unauthorized access to content with temporary tokens

How it works

Client requests playlist with channels on the middleware
For each channel middleware prepares unique temporary token
Client requests channel with temporary token
Alta checks token and allow request if token is valid

Token

Temporary token calculated by the middleware on the server side when client requests playlist. Token contains next parts:

Hash - hash calculated on the server with SHA1 algorithm
Salt - random word for better secure
End time - token expiration time in the unix-timestamp format
Start time - token creation time in the unix-timestamp format

All parts should be separated by minus sign and addedd to the channels address. For example: https://example.com:8100/tv/travel-channel/index.m3u8?token=e8bff06f373694dda657e8417fe76f6b54b69807-a5cd6c00-1669890000-1669810000

Hash

Hash should be calculated on middleware with SHA1 algorithm from string concatenated from next parts:

Channel path - for example /tv/travel-channel/index.m3u8
Client IP address
Start time - unix-timestamp as decimal number
End time - unix-timestamp as decimal number
Securetoke - defined in the Alta settings
Salt - random word

Example on PHP

Create a file securetoken.php with the following code:

<?php

$channel = '/tv/travel-channel/index.m3u8';
$client = '192.168.88.98';
$starttime = 1669810000;
$endtime = 1669890000;
$securetoken = 'secret';
$salt = 'a5cd6c00';

$hash = sha1($channel . $client . $starttime . $endtime . $securetoken . $salt);
$token = $hash . '-' . $salt . '-' . $endtime . '-' . $starttime;

echo 'https://example.com:8100' . $stream . '?token=' . $token . PHP_EOL;

Launch script:

php securetoken.php

You will see line from the first example. Please, note, this script only for example.