I would generate a unique hash signature based on the stream path, the current timestamp, and a secret code. Then, I would include this signature and timestamp as variables with my embedded streams, and the Wowza server could use my secret code to re-create the hash using the stream path and timestamp variable. If the re-created hash doesn’t match the included signature, the stream request is rejected. It also rejects requests where the timestamp is too old (expired).
How much for custom stream authorization .