1000 FAQs, 500 tutorials and explanatory videos. Here, there are only solutions!
Securing Videos with Unique Key: Explanation of Hash
This guide details the use of the unique key to authenticate the playback of media (read this guide).
Why a hash?
When a user requests access to a media from the VOD/AOD space with a hash, Infomaniak simply checks if this hash is still valid, if it corresponds to the visitor's IP address and to the file they are requesting. Otherwise, access is simply denied.
All hashes used are temporary (<2 hours) and unique for a pair of IP address/File. However, there is no internal correspondence table to know if an IP address can have access to a video or not.
This is not a proposed authentication system, but a verification system. If the user has a valid hash during a video request, it means they have previously been authorized by your site/system to access the content.
Authentication must therefore be done on your site or in your applications, depending on the parameters that interest you. You just have to decide if a user can access a video or not.
If yes, then you just need to generate an Infomaniak hash that will only be valid for their IP address and a file for 2 hours. Otherwise, even if they know the address of the video and retrieve the hash from someone else, they will not be able to access it.
This solution is simple to implement and relatively flexible because:
- you manage authentication yourself, so it is perfectly integrable with any type of site or application
- the validity of a client does not depend solely on their IP address, which may change (ADSL with dynamic IP, mobile networks, ...)
- if you stop generating hashes for a video, no one will have access to it once these hashes expire
- authorized users must go back to your site to get new valid hashes because they expire automatically