Home » Blog » Upgrade Your Wowza Video API Authentication to Use JSON Web Tokens

Upgrade Your Wowza Video API Authentication to Use JSON Web Tokens

September 29, 2022byRose Power
Lock symbol over dark background representing cyber security
 

The Wowza Video REST API offers complete programmatic control over live streams, transcoders, stream sources, and stream targets. Anything you can do in the Wowza Video user interface (UI) is also achievable through the REST API.

For security purposes, all requests to the Wowza Video REST API must include authentication information in the header.

There are currently two methods to authenticate REST API requests:

However, Wowza API authentication is changing. Wowza Video is transitioning to a JSON Web Token-based authentication scheme. If you’re not yet familiar with JSON Web Token (JWT), it’s an open standard for securely transmitting information between parties as a JSON object.

Our goal is to provide a well-maintained REST API, and we do so by actively managing the lifecycle of the Wowza Video REST API. We recommend that you always use the current version of the API. Use the Query for version status endpoint to automate notification when there’s a new current version of the REST API available, then plan and execute your migration to the new current version.

 

Sample Request:

curl -X GET \

-H "Authorization: Bearer ${WV_JWT}" \

'https://api.video.wowza.com/api/versions'
 

We provide a deprecation policy and schedule so our users can plan migration to newer functionality and versions as they are available.

 

API Lifecycle: Deprecation Schedule

While we strive to maintain backward compatibility between versions of the API to simplify your migration, it’s not always possible when we add significant new functionality such as JSON web token authentication.

This JWT-based authentication is available starting in version 1.8 of the API alongside the older API key/access key and HMAC authentication schemes. However, version 1.9 and future versions of the API will only support JWT, and we encourage you to update your integrations to use JWT as soon as possible.

Anticipated delivery dates are in bold. These are the dates we plan on moving the API to the next stage.

* Dates are in MM/DD/YYYY format.

 
API Version Beta Current Supported 1 Supported 2 Deprecated Discontinued
1.5 1/31/2020 5/27/2020 12/1/2020 10/15/2021 4/19/2022 9/29/2022
1.6 5/27/2020 12/1/2020 10/15/2021 4/19/2022 9/29/2022 3/15/2023
1.7 12/1/2020 10/15/2021 4/19/2022 9/29/2022 3/15/2023 9/20/2023
1.8 10/15/2021 4/19/2022 9/29/2022 3/15/2023 9/20/2023 3/20/2024
1.9 4/19/2022 9/29/2022 3/15/2023 9/20/2023 3/20/2024 9/18/2024
 

NOTE: API version 1.8 will still be available into 2023, but once it is discontinued, you will need to use the JSON Web Token (JWT) authentication method in version 1.9. The older versions of API authentication will no longer work.

 

Why Is the JSON (JWT) Method More Secure?

The JWT is more secure because:

  • The information is verifiable and trustworthy due to being digitally signed.
  • This authentication method is more versatile.
  • It allows users to create System Access Tokens and Personal Access Tokens.
  • JSON Web Token (JWT) adheres to modern security standards.
  • JWT provides added security across all Wowza properties (instead of having a Wowza Video-only API key).

Because using an account’s API key and an access key directly in API request headers is a less secure authentication method, we recommend it for initial evaluation and proof of concept applications only. JWT-based authentication is now available in version (1.8) of the Wowza Video REST API.

 Although you can authenticate both ways while we transition to version 1.9 in the next year, we encourage you to update your integrations to use JWT as soon as possible. Our goal is to provide a well-maintained REST API that delivers reliably, so we actively manage the lifecycle of the Wowza Video REST API. To learn more about the API lifecycle and schedule, visit our documentation here.

 

Authenticating With a JSON Web Token (JWT)

To authenticate with a JWT, you’ll need to create a personal access token, which is the JWT, in the Token Management portal. For convenience, you can also access the portal from the Access Key page in Wowza Video.

1. In the menu bar, click your username and choose Account Settings.

2. Make sure you’re on the API Access tab, and then click Token Management in the Wowza API Authentication is Changing banner.

 
Screen shot of the Wowza Video Token Management portal.

3. Once you are on the page that allows you to create and manage tokens, you will have the choice between a personal token or system tokens. The benefit of system tokens is that they enable you to assign different roles to members of your team.

4. If you’re an organization member who needs a system-level token that needs to persist, reach out to your organization owner. Make sure you copy the token and store it in a safe location; you won’t be able to see it again.

5. Use the JWT in your REST API requests as a bearer token in an Authentication header.

Sample Request:

curl -X POST \
-H "Content-Type: application/json" \
-H "Authorization: Bearer <JWT>" \
-d '{
   "transcoder": {
     "billing_mode": "pay_as_you_go",
     "broadcast_location": "us_west_california",
     "buffer_size": 4000,
     "delivery_method": "push",
     "low_latency": true,
     "name": "MyABRtranscoder",
     "protocol": "rtsp",
     "transcoder_type": "transcoded"
   } 
}' "${WSC_HOST}/api/beta/transcoders"

Once you’ve created your token, you can simply create a variable in Postman named “token” and add your token value to it. This will then allow you to create your REST API calls and begin managing your live streams.  To see how to use the JWT authentication method when creating a new live stream with the REST API, a video tutorial is available. 

 

Protect Your Content With Wowza

Here at Wowza, we understand that secure streaming is critical. We provide the expertise to design the most reliable solution possible so you can trust in the security and reliability your business requires. In addition to offering the more secure JWT authentication method within the REST API, Wowza is also now SOC 2 certified.  In a world of piracy, hacking, and cyberattacks, Wowza is committed to reliability, security, and customer success.

These days, video powers everything, for everyone, everywhere. And with Wowza Video, there’s no limit to how you can transform your businesses with video technology. 

The cloud-based platform combines the flexibility required to build groundbreaking products with the reliability needed for business-critical applications. What’s more, our solution delivers powerful features at every stage of the workflow, thereby eliminating the complexity of integrating multiple vendors. 

 

Search Wowza Resources

Categories

Subscribe

Follow Us

𝕏

Categories

Back to All Posts

About Rose Power

Rose Power is the developer community manager for Wowza Media Systems. Passionate about building relationships with the dev community, Rose strives to deliver quality resources for a positive user experience built on trust. When not working, she can be found playing the ukulele around a fire or hiking the mountains of Colorado with her pup.

View More

Get Started With Wowza Today