JSON Web Tokens for Secure and Flexible Authentication

May 18, 2022 by
Lock symbol over dark background representing cyber security

The Wowza Video REST API offers complete programmatic control over live streams, transcoders, stream sources, and stream targets. Anything you can do in the Wowza Video UI is also achievable through the REST API. For security purposes, all requests to the Wowza Video REST API must include authentication information in the header.

There are currently two methods to authenticate REST API requests:

However, Wowza API Authentication is changing, and Wowza Video is transitioning to a JSON Web Token-based authentication scheme. If you’re not yet familiar with JSON Web Token (JWT), it’s an open standard for securely transmitting information between parties as a JSON object.

 

Why Is the JSON (JWT) Method More Secure?

The JWT is more secure because:

  • The information is verifiable and trustworthy because it’s digitally signed.
  • This authentication method is more versatile.
  • It allows users to create System Access Tokens and Personal Access Tokens.
  • JSON Web Token (JWT) adheres to modern security standards.
  • JWT provides added security across all Wowza properties (instead of having a Cloud-only API Key).

Because using an account’s API key and an access key directly in API request headers is a less secure authentication method, we recommend it for initial evaluation and proof of concept applications only. JWT-based authentication is now available in version (1.8) of the Wowza Video REST API.

 Although you can authenticate both ways while we transition to version 1.9 in the next year, we encourage you to update your integrations to use JWT as soon as possible. Our goal is to provide a well-maintained REST API that delivers reliably, so we actively manage the lifecycle of the Wowza Video REST API. To learn more about the API lifecycle and schedule, visit our documentation here.

 

Authenticating With a JSON Web Token (JWT)

To authenticate with a JWT, you’ll need to do the following:

  1. Create a personal access token, which is the JWT, in the Token Management portal. For convenience, you can also access the portal from the Access Key page in Wowza Video. Once you are on the page that allows you to create and manage tokens, you will have the choice between a personal token or system tokens. The benefit of system tokens is that they enable you to assign different roles to members of your team.
  1. Use the JWT in your REST API requests as a bearer token in an Authentication header.

Sample Request:

curl -X POST \
-H "Content-Type: application/json" \
-H "Authorization: Bearer <JWT>" \
-d '{
   "transcoder": {
     "billing_mode": "pay_as_you_go",
     "broadcast_location": "us_west_california",
     "buffer_size": 4000,
     "delivery_method": "push",
     "low_latency": true,
     "name": "MyABRtranscoder",
     "protocol": "rtsp",
     "transcoder_type": "transcoded"
   } 
}' "${WSC_HOST}/api/beta/transcoders"

Once you’ve created your token, you can simply create a variable in Postman named “token” and add your token value to it. This will then allow you to create your REST API calls and begin managing your live streams.  To see how to use the JWT authentication method when creating a new live stream with the REST API, a video tutorial is available. 

 

Protect Your Content with Wowza

Here at Wowza, we understand that secure streaming is critical. We provide the expertise to design the most reliable solution possible so you can trust in the security and reliability your business requires. In addition to offering the more secure JWT authentication method within the REST API, Wowza is also now SOC 2 certified.  In a world of piracy, hacking, and cyberattacks, Wowza is committed to reliability, security, and customer success.

______________________________________________________________________________

 

Announcing: Wowza Video 

These days, video powers everything, for everyone, everywhere. And with Wowza Video, there’s no limit to how you can transform your businesses with video technology. 

The cloud-based platform combines the flexibility required to build groundbreaking products with the reliability needed for business-critical applications. What’s more, our solution delivers powerful features at every stage of the workflow, thereby eliminating the complexity of integrating multiple vendors.

So what are you waiting for? Get started with Wowza Video today by contacting us. 

 

About Rose Power

Rose Power is the developer community manager for Wowza Media Systems. Passionate about building relationships with the dev community, Rose strives to deliver quality resources for a positive user experience built on trust. When not working, she can be found… View more