In Ant Media Server, there are numerous Security options for Publishing and Playing Streams. We’ve introduced another one, Webhook Authentication for Stream Publishing, in version 2.4 and higher.
Whenever the stream initiates, Ant Media Server just calls your webhook URL and sends the HTTP request to see if it accepts this stream. Ant Media Server also sends the stream ID, which you may check on your end to see if it’s valid or not.
As a result, if your Webhook URL returns status code 200, Ant Media Server accepts the stream. If it returns something else, Ant Media Server does not accept the stream.
When to use Webhook Authentication
You can use Webhook Authentication for Stream Publishing if you don’t know the stream id in advance and don’t want to validate it with tokens, and you have all of the stream ids on your application servers. Both WebRTC and RTMP streams can be ingested with Webhook Authentication.
How to enable Webhook Authentication
To enable this feature, first, you need to add the below-mentioned setting in <AMS_DIR>/webapps/<AppName>/WEB-INF/red5-web.properties.
After making the changes, just restart the server.
To try this feature and receive your own webhook URL, go to this webhook site. The response code will always be 200 by default when you send a request to that site correctly. Let’s try publishing a stream as an example.
Sample webhook URL from webhook site is added in settings file as follows.
After this, when an RTMP/WebRTC stream initiates to publish, it will trigger the webhook URL and sends the request like below.
If the response is 200, the stream can be published with the following logs.
INFO i.a.s.AcceptOnlyStreamsWithWebhook - Response from webhook is: 200 for stream:stream1 INFO i.a.e.w.WebSocketEnterpriseHandler - Is publish allowed through Webhook Authentication: true
By selecting the Edit option from the webhook site’s menu, you may now modify the response code. Change it to 300, as an example.
Please try publishing the stream again, however, because the response will be 300 this time, it will not be allowed to be published on the server with the logs below.
INFO i.a.s.AcceptOnlyStreamsWithWebhook - Response from webhook is: 300 for stream:stream1 WARN i.a.s.AcceptOnlyStreamsWithWebhook - Connection object is null for stream1 INFO i.a.e.w.WebSocketEnterpriseHandler - Is publish allowed through Webhook Authentication: false
For more details about using webhook in Ant Media Server, please check webhook documentation.