Hello, all!

I have a project where we need to have clients be able to view live video streams from traffic cameras on VLC player. We wish to have a level of security where only the clients are able to view the streams. We have a separate server that houses the access to the streams and we want to be able to use a wowza token to allow the the client to place the camera URL with the appended token and shared secret into VLC and view the stream. Right now, we are able to view the streams externally from the client server environment by using a specific port number in the URL created for camera access, which is what we want, but we are able to view the streams by using the camera URL with or without the token, which is not desired as it is a big security issue. I have a couple questions:

1. The wowza engine doesn’t seem to recognize the tokens. I have the parameter prefix and shared secret created in the live/Playback security section, no client restrictions, Protect all protocols using hash (Secure Token version 2) and SHA 256 hash algorithm. Start time and end time is not needed. Is there something else that needs to be activated? The URL with token looks like this:

https://server address:port/redirect/live/camera name?type=m3u8&shared secret&wowzaprefixparameterhash=base64

But like I said, the URL without the token:

https://server address:port/redirect/live/camera name?type=m3u8

also brings up the stream, so the secure token authorization is not working.

2. Next question, currently the base 64 hash token is created on the client side as per wowza documentation instructions, but the documentation mentions the generation of a wowza token on the wowza side. Is that wowza token sent back to the client side, or kept in the wowza server side? If it is kept on the wowza server side, how does that affect the token matching? If it can be sent to the client side, how do I retrieve the wowza token generated by wowza so it can be relayed to the client as a secure link to the live video stream?

Any insight would be appreciated, I’m new to wowza and the documentation is daunting to go through!

Thank you,
Carlos

Have you taken a look at this : https://www.wowza.com/docs/how-to-protect-streaming-using-securetoken-in-wowza-streaming-engine

I have, and while it contains a lot of useful information, it is still vague on a few issues that are germane to my questions, most notably, why my token does not return a live stream; does wowza generate a specific Base64 token that is returned to me that I use to append to my final url with the prefix parameter hash and shared secret? And how do I retrieve the wowza generated token if it is created within the wowza stream manager, is there an api I need to use?

There is no api. Follow through https://www.wowza.com/docs/how-to-protect-streaming-using-securetoken-in-wowza-streaming-engine

1. You enable secure token with a selected hash algorithm
2. Follow the hash generation guide and con at string in proper order and generate a hash using the selected algorithm in any programming language. This happens on your app server.
3. Make request to wowza in the described format passing in all relevant parameters as shown in examples.
4. Wowza knows algorithm selected , shared secret and prefix to expect. It will identify the parameters from query and generate hash on its own to verify against the hash you passed in.