Securetoken Authorization

Protects unauthorized access to content with temporary tokens

Securetoken Authorization

How it works

  1. Client requests playlist with channels on the middleware
  2. For each channel middleware prepares unique temporary token
  3. Client requests channel with temporary token
  4. Alta checks token and allow request if token is valid

Token

Temporary token calculated by the middleware on the server side when client requests playlist. Token contains next parts:

  • Hash - hash calculated on the server with SHA1 algorithm
  • Salt - random word for better secure
  • End time - token expiration time in the unix-timestamp format
  • Start time - token creation time in the unix-timestamp format

All parts should be separated by minus sign and addedd to the channels address. For example: https://example.com:8100/tv/travel-channel/index.m3u8?token=e8bff06f373694dda657e8417fe76f6b54b69807-a5cd6c00-1669890000-1669810000

Hash

Hash should be calculated on middleware with SHA1 algorithm from string concatenated from next parts:

  • Channel path - for example /tv/travel-channel/index.m3u8
  • Client IP address
  • Start time - unix-timestamp as decimal number
  • End time - unix-timestamp as decimal number
  • Securetoke - defined in the Alta settings
  • Salt - random word

Example on PHP

Create a file securetoken.php with the following code:

<?php

$channel = '/tv/travel-channel/index.m3u8';
$client = '192.168.88.98';
$starttime = 1669810000;
$endtime = 1669890000;
$securetoken = 'secret';
$salt = 'a5cd6c00';

$hash = sha1($channel . $client . $starttime . $endtime . $securetoken . $salt);
$token = $hash . '-' . $salt . '-' . $endtime . '-' . $starttime;

echo 'https://example.com:8100' . $stream . '?token=' . $token . PHP_EOL;

Launch script:

php securetoken.php

You will see line from the first example. Please, note, this script only for example.