Skip to main content

JWT REST API Filter Guide

This guide will walk you through the steps to use the JWT REST API Filter in Ant Media Server.

Step 1: Introduction

Understand that by default, the JWT REST API Filter is disabled and the REST API IP Filter is enabled in Ant Media Server. The JWT Filter can be used when you consume the REST API from different endpoints. For more information about JWT, visit jwt.io.

Step 2: Enable JWT Filter

The first step is to enable the JWT REST API Filter in Ant Media Server. Go to the web panel, find the setting for JWT REST API Filter, and enable it. Also, enter the Secret key which will be used for encrypting with HMAC-SHA256 in the JWT REST API Filter.

Step 3: Generate a JWT Token

Next, generate a JWT token. For this example, let's assume our secret key is zautXStXM9iW3aD3FuyPH0TdK4GHPmHq. There are plenty of libraries available for JWT token creation, which can be found at Libraries for JWT. For this example, we'll use the Debugger at JWT.

Use the HS256 algorithm and the secret key zautXStXM9iW3aD3FuyPH0TdK4GHPmHq to generate the token. This will be our JWT token to access the REST API:

eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJ0b2tlbiIsImlhdCI6MTUxNjIzOTAyMn0.OESIxgNsnD_JwByKTXcrw9Ov4GaOUZw66QxMfmudhKQ

Step 4: Generate JWT Token with Expiration Time(Optional)

It is also possible to generate a JWT token with an expiration time. For this, you can use the exp option in JWT. The token's expiration time is a Unix timestamp, and the token will become invalid once it expires.

Step 5: Use JWT Token for Accessing REST Filter API

To use the JWT token, simply add it to the Authorization header as shown below:

curl -X POST -H "Content-Type: application/json" -H "Authorization: {JWTToken}" "https://{domain:port}/{application}/rest/v2/broadcasts/create" -d '{"name":"streamName"}'

Step 6: Enable JWKS (Optional)

If you want to use the JSON Web Key Set (JWKS) feature, you need to have an OAuth server like auth0.com. You can also build your own OAuth server system with Hydra. For JWKS configurations, add parameters to the /usr/local/antmedia/webapps/<App-Name>/WEB-INF/red5-web.properties file:

settings.jwtControlEnabled=true
settings.jwksURL=YOUR_JWKS_URL

For example:

settings.jwtControlEnabled=true
settings.jwksURL=https://antmedia.us.auth0.com

Ant Media Server using JWKS needs the public keys used by the signing party to validate signatures. A JWKS's structure looks like this: https://antmedia.us.auth0.com/.well-known/jwks.json.

Once you're finished adding properties, restart the Ant Media Server instance.

sudo service antmedia restart

After these configurations are applied, you can start taking advantage of the JWKS feature in your structure, just like with JWT Filter.