Manage HLS playback over SSL for Wowza CDN on Akamai with the Wowza Streaming Cloud REST API

When you broadcast an HLS stream using the Wowza Streaming Cloud™ service, you have complete control over whether or not Secure Socket Layer (SSL) is used to establish a handshake for encrypting the HTTP connections that deliver the stream to viewers. By default, Wowza CDN on Akamai and custom stream targets with a provider of akamai_cupertino use relative playlists, which allow streams to be played over HTTP or HTTPS—or both. This provides the greatest flexibility for your viewers. You can, however, require that viewers watch a stream from a Wowza CDN on Akamai target over HTTP or HTTPS. Requiring viewers to watch a stream over HTTPS ensures an encrypted connection during playback. You can also configure Wowza Streaming Cloud to send the stream from the transcoder to the target using SSL, allowing encryption during this data transfer.

Note: This article applies to Wowza CDN on Akamai and custom stream targets only. To manage HLS playback over SSL for Wowza CDN on Fastly stream targets, see Manage HLS playback over SSL for Wowza CDN on Fastly with the Wowza Streaming Cloud REST API.

Before you start

You should complete the following tasks:

  • Create a transcoder. You'll need the resulting stream_targets_id. View our Connect a source topics to learn how to create a live stream or transcoder.
     

About SSL playback from Wowza Streaming Cloud stream targets


Streams delivered from Wowza Streaming Cloud travel across the internet in two stages to reach their audiences. After Wowza Streaming Cloud transcodes (or passes through) the encoded live source video, it sends the stream to geographically distributed servers. Those servers then deliver the stream to viewers, such as through a hosted webpage or a direct playback URL.

Wowza Streaming Cloud uses the HTTP protocol to make these two outbound network transfers, delivering streams for playback over HLS or over HLS and HDS. For both types of HTTP delivery, Wowza Streaming Cloud generates a relative playlist, which means that the stream can be viewed over HTTP or HTTPS. The viewer is not restricted to the secure or unsecured protocol.

When you choose to deliver a stream over Wowza CDN on Akamai stream targets or custom stream targets with the provider akamai_cupertino, you can enjoy the default flexibility of relative playlists, or you can control whether the viewer has to use HTTP or HTTPS to watch the stream by editing the stream target’s properties.

Deliver an HLS stream for playback over HTTP or HTTPS


Stream target with a provider of akamai_cupertino enable the relativePlaylists stream target property by default, allowing viewers to play your stream over HTTP or HTTPS.

For the playback_url, refer to hls in the playback_urls object returned in the stream target details. Use this URL to play the stream in a browser or player that supports HLS. Although the playback URL appears as HTTPS, the playback URL can also be accessed using HTTP.

For example:
https://[wowzasubdomain]-f.akamaihd.net/i/32a5814b_1@7217/master.m3u8

Deliver an HLS stream for playback over HTTPS only


You can require SSL for HLS playback, if desired. This ensures that viewer clients connect securely to view the stream. You can also optionally send the stream from the transcoder to the target using SSL. 

  1. Configure properties for the stream target or stream targets that you associated with your transcoder.

    You can use the following sample request, making sure to:

    • Set key to playSSL
    • Set section to playlist
    • Set value to true
    • Set stream_target_id to the stream_targets_id.

    Sample request

    Endpoint Reference


    curl -X POST \
    -H "Content-Type: application/json" \
    -H "wsc-api-key: ${WSC_API_KEY}" \
    -H "wsc-access-key: ${WSC_ACCESS_KEY}" \
    -d '{   
      "property": {     
      "key": "playSSL",     
      "section": "playlist",     
      "value": true  
      } 
    }' "${WSC_HOST}/api/${WSC_VERSION}/stream_targets/[stream_target_id]/properties"

    Sample response

    {    
      "property": {      
        "key": "playSSL",      
        "section": "playlist",      
        "value": true 
      } 
    
    } 

    For more information about configuring stream target properties and related requests, see How to set advanced properties using the Wowza Streaming Cloud REST API.

  2. For the playback_url, refer to the hls in the playback_urls object returned in the stream target details. Use this URL to play the stream in a browser or player that supports HLS. The playback URL can only be accessed using HTTPS.

For example:
https://[wowzasubdomain]-f.akamaihd.net/i/32a5814b_1@7217/master.m3u8

Deliver an HLS stream for playback over HTTP only


You can create a transcoder with outputs and stream targets that play HLS over HTTP only by configuring the relativePlaylists property for the stream target or stream targets that you associated with your transcoder. 

You can use the following sample request, making sure to:

• Set key to relativePlaylists
• Set section to playlist
• Set value to false
• Set stream_target_id to the stream_targets_id

Sample request

Endpoint Reference

curl -X POST \
-H "Content-Type: application/json" \
-H "wsc-access-key: [key]" \
-H "wsc-timestamp: [timestamp]" \
-H "wsc-signature: [signature]" \
-d '{   
  "property": {     
  "key": "relativePlaylists",     
  "section": "playlist",     
  "value": false  
  } 
}' "${WSC_HOST}/api/${WSC_VERSION}/stream_targets/[stream_target_id]/properties"

Sample response

{    
  "property": {      
    "key": "relativePlaylists",      
    "section": "playlist",      
    "value": false 
  } 
} 

More resources