Articles on: OTT Settings

Backend Authorization for Alta OTT

Backend Authorization is a system for verifying client requests with an external HTTP service in an extensible way.

Backend Authorization

The backend URL depends on the middleware being used. When a client starts a channel, Alta sends a request to the backend service. The backend service verifies the client request based on its own rules and returns a response to Alta. A response status of 200 indicates that access to the content is allowed, while any other response denies access. If the backend service is unavailable, Alta processes a default action.

Ministra / Stalker

Backend URL:

In the Ministra / Stalker settings turn on option "Temporary URL - Flussonic support"


Backend URL:

In the portal settings open "Keys" menu and create a new key:

Name: Alta
Mode: SM
Key Length: 1472 bit
Update Rate: 1:00:00

In channel settings:

Auth: arescrypt
Encoded: turn on
Key: Alta

Microimpulse Smarty

Backend URL:

Custom Backend

If you need to implement custom authentication logic, you can create your own backend.

Alta sends an HTTP GET request to the backend, appending all URL parameters from the original request passed to the backend URL. In addition to the URL parameters, Alta also sends the following HTTP headers to the backend:

X-Session-Id - unique session identifier
X-Real-Ip - client IP address
X-Real-Path - path requested by the client
X-Real-Origin - origin is a combination of a protocol (for example http or https), hostname, and port (if specified)
X-Real-Ua - User-Agent from original request

In this guide, we provide an example of an extremely simple PHP backend that allows access if the token is equal to 123.

Create new file auth.php with the following code:


// Get token from query string
$token = $_GET['token'];

// Check token
if ($token == '123') {
    // Write headers to console and allow access
        "\n" .
        " Session ID: " . $_SERVER['HTTP_X_SESSION_ID']  . "\n" .
        "    Real IP: " . $_SERVER['HTTP_X_REAL_IP']     . "\n" .
        "  Real Path: " . $_SERVER['HTTP_X_REAL_PATH']   . "\n" .
        "Real Origin: " . $_SERVER['HTTP_X_REAL_ORIGIN'] . "\n" .
        "    Real UA: " . $_SERVER['HTTP_X_REAL_UA']
} else {
    // Deny access

To launch the backend on the server with Alta, run the following command:

php -S auth.php

The backend URL will be:

For production environments, you can use nginx with php-fpm or any other suitable solution.

Note that this is just an example and you should implement your own backend logic according to your specific requirements.


Unexpected access

If you get access to the channel without authorization, probably your HTTP backend is unavailable. You can check it with curl command. Open console on your server with Astra. And try to send request to the HTTP backend manually:

curl -v ""

Of course address should be same as in your settings.

If you see something like Connection refused or connection is stuck without any response, then issue with access to the backend.

Updated on: 28/04/2023

Was this article helpful?

Share your feedback


Thank you!