
You may have a streaming project for a limited audience, or just want to stream personally, and have concerns about who can reach it. The one-time token method is one of the effective authentication methods for secure video streaming. Ant Media Server offers a one-time token security control option as of version 1.5.0.

The Parameters of the Token for Secure Video Streaming

There are 4 parameters of the token, tokenId, streamId, expireDate and type.

  • tokenId: A random string generated by the service
  • streamId: The Id of the resource that the user wants to reach
  • expireDate: The expiration date of the token (Use Unix Timestamp, such as 1560771964)
  • type: Either publish or play token
  • roomId: The room id for playing streams in the conference room.

The Steps for Token Control Mechanism

Step 1. Enable Setting

Firstly, the setting should be enabled in the management panel.

One-Time Token Settings for Secure Video Streaming

If the One-Time Token control option is active, all publish and play requests should be sent with a token parameter.

Step 2. Create a Token

The server creates tokens with the getToken REST service, which takes the streamId, expireDate and type parameters. It is therefore important that the streamId and type parameters are defined properly, because the tokenId needs to match both the streamId and the type.

Step 3. Request with Token 

The system controls token validity during publishing or playing.
a) Publishing
RTMP Publishing: You need to add a token parameter to RTMP URL before publishing. Sample URL:

rtmp://[IP_Address]/<Application_Name>/312526128013151313200552?token=tokenId

WebRTC Publishing: The token parameter should be inserted into the publish WebSocket message. For details about WebRTC WebSocket messaging, please visit the wiki page.
b) Playing/Accessing
Live Stream/VoD Playing: Same as publishing, the token parameter is added to the URL. Sample URL:

http://[IP_Address]/<Application_Name>/streams/250116815996644357614115.mp4?token=tokenId

WebRTC Playing: Again, the token parameter should be inserted into the play WebSocket message. Please have a look at the principles described in the wiki page.

Step 4. Evaluation of the Token

Ant Media Server evaluates the token based on its properties to secure your streams. It checks whether the token is valid for the requested stream. Another important check is the type of the token, because the developer or administrator may give a user access to play a stream but not to publish to it, even with the same streamId.

Once the token is successfully validated by Ant Media Server, it is removed from the database so that other requests with the same token will be dismissed. Since consecutive requests are sent during playing/accessing streams, the session information is saved after the one-time token is consumed.
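A simplified model of the evaluation described in Step 4, added here as an illustration and not Ant Media Server's own code: the token is bound to one streamId and one type, checked against expireDate, deleted on first successful use, and the session is recorded so follow-up requests pass. The class name, the `session_id` argument and the in-memory dictionaries are assumptions.

```python
import secrets
import threading
import time


class OneTimeTokenStore:
    """Illustrative model of one-time token evaluation (hypothetical class)."""

    def __init__(self, clock=time.time):
        self._tokens = {}       # tokenId -> (streamId, type, expireDate)
        self._sessions = set()  # (session_id, streamId, type) already authorised
        self._lock = threading.Lock()  # check-and-delete must be atomic
        self._clock = clock

    def create(self, stream_id, token_type, expire_date):
        """Issue a token bound to one stream and one type (publish or play)."""
        if token_type not in ("publish", "play"):
            raise ValueError("type must be 'publish' or 'play'")
        token_id = secrets.token_urlsafe(32)  # unguessable random tokenId
        with self._lock:
            self._tokens[token_id] = (stream_id, token_type, int(expire_date))
        return token_id

    def authorize(self, session_id, token_id, stream_id, token_type):
        """Return True if this request may proceed, consuming the token if needed."""
        key = (session_id, stream_id, token_type)
        with self._lock:
            if key in self._sessions:
                return True   # consecutive request of a session that already passed
            record = self._tokens.get(token_id)
            if record is None:
                return False  # unknown token, or already consumed (replay)
            bound_stream, bound_type, expire_date = record
            if self._clock() >= expire_date:
                return False  # past expireDate (Unix timestamp)
            if (bound_stream, bound_type) != (stream_id, token_type):
                return False  # play token used to publish, or wrong stream
            del self._tokens[token_id]  # one-time: remove on successful validation
            self._sessions.add(key)     # save session for the follow-up requests
            return True
```

Holding the lock across the lookup and the delete is what stops two simultaneous requests from both succeeding with the same token.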

Please have a look at the documentation for further information.

Contact us if you have any questions or suggestions with the contact form or email contact [at] antmedia.io


Selim Emre Toy
