Send streams securely to Wowza CDN with the Wowza Streaming Cloud REST API

With the secure ingest feature, the Wowza Streaming Cloud™ service allows you to secure a stream with a query parameter as it passes from a transcoder to Wowza CDN. When Wowza CDN ingests the stream from the transcoder, it requires the query parameter for processing. This prevents third parties from overriding the contents of your stream with unwanted content. In this article, learn how to enable secure ingest for live streams and transcoders using the Wowza Streaming Cloud REST API.

Secure a live stream

The live stream workflow in the Wowza Streaming Cloud REST API provides a simplified workflow with slightly less detailed control over configuration.

For secure ingest and the live stream workflow, everything is set up for you automatically.

  1. When you create a live stream using the REST API, Wowza Streaming Cloud automatically creates a Wowza stream target and associates it with your live stream. The Wowza stream target has use_secure_ingest set to true by default. Wowza Streaming Cloud generates a secure_ingest_query_param value, which is used to secure the connection between the transcoder and the CDN.
  2. When you start the transcoder and begin sending the source stream from a configured camera or encoder, Wowza CDN parses the query string to authorize the incoming stream from the transcoder.

Secure a transcoder

The transcoder workflow in the Wowza Streaming Cloud REST API is modular and provides more detailed control over configuration.

To configure secure ingest in the transcoder workflow, you start by creating a transcoder. It can have a push or pull connection and be passthrough or transcoded (adaptive-bitrate), depending on your needs and the functionality available at your broadcast location.

  1. In the Wowza Streaming Cloud REST API, create a transcoder.

    Example and response

    Notes:
    • For [key], substitute your API key or your access key as appropriate. For more information, see Locating and using API and access keys.
    • For [version], substitute the version number of the API that you're using. For the current version, use v1.2.
    Create a transcoder
    curl -X POST --header "Content-Type: application/json" --header "wsc-api-key: [key]" --header "wsc-access-key: [key]" -d '{  
       "transcoder": {  
         "billing_mode": "pay_as_you_go",  
         "broadcast_location": "us_west_california",  
         "buffer_size": 4000,  
         "delivery_method": "push",  
         "name": "My secure ingest transcoder",  
         "protocol": "rtmp",  
         "transcoder_type": "transcoded"  
    }  
    }' "https://api.cloud.wowza.com/api/[version]/transcoders"
    The request creates a transcoder and returns a response that includes details of the transcoder, including its unique transcoder ID. There are no outputs associated with the transcoder yet. Make note of the ID, which is the transcoder ID that Wowza Streaming Cloud creates for your stream. You'll need it to associate your transcoder with output renditions and stream targets. The response should look something like this:
    {  
        "transcoder": {  
            "id": "abcvwp8k",  
            "name": "My secure ingest transcoder",  
            "transcoder_type": "transcoded",  
            "billing_mode": "pay_as_you_go",  
            "broadcast_location": "us_west_california",  
            ... 
             "protocol": "rtmp",  
            "delivery_method": "push",  
            "source_port": 1935,  
            "domain_name": "[wowza-subdomain].entrypoint.cloud.wowza.com",  
            "application_name": "app-5b86",  
            "stream_name": "805e7031",  
            ...  
            "created_at": "2018-08-01T16:38:03.000Z",  
            "updated_at": "2018-08-01T16:38:03.000Z",  
            "direct_playback_urls": {  
                "rtmp": ["names and urls returned here"],  
                "rtsp": ["names and urls returned here"],  
                "wowz": ["names and urls returned here"]  
            },  
            "outputs": [],  
        }  
    }
  2. Create a Wowza stream target that you'll associate with the transcoder in the next step.
    Set the provider to akamai_cupertino, which provides playback over HLS, and set use_secure_ingest to true to deliver the HLS stream securely between the transcoder and the Wowza CDN.
    Note: Secure ingest is only available for Wowza stream targets with the provider akamai_cupertino.

    Example and response

    Create a Wowza stream target
    curl -X POST --header "Content-Type: application/json" --header "wsc-api-key: [key]" --header "wsc-access-key: [key]" -d '{ 
        "wowza_stream_target": { 
          "name": "My secure target", 
          "provider": "akamai_cupertino", 
          "use_secure_ingest": true 
        } 
      }' "https://api.cloud.wowza.com/api/[version]/stream_targets/wowza" 
    The details of the configured target are listed in the response. They include a secure_ingest_query_param value, which is used to secure the connection between the transcoder and the CDN. The response should look something like this:
    { 
        "wowza_stream_target": { 
            "id": "8cxwdlvg", 
            "name": "My secure target", 
            "provider": "akamai_cupertino", 
            "use_secure_ingest": true, 
            "secure_ingest_query_param": "[automatically generated query string]", 
            "use_cors": false, 
            "stream_name": "bc6859bf", 
            "primary_url": "http://[wowzasubdomain]-i.akamaihd.net/687319/bc6859bf", 
            "hls_playback_url": "https://[wowzasubdomain]-i.akamaihd.net/hls/live/687319/bc6859bf/playlist.m3u8", 
            "connection_code": "1QAbz9", 
            "connection_code_expires_at": "2018-08-29T13:50:34.000Z", 
            "created_at": "2018-08-28T13:50:34.000Z", 
            "updated_at": "2018-08-28T13:50:34.000Z"
        } 
    
    }
  3. Complete the transcoder by adding outputs and associating the Wowza stream target to the transcoder.
    For instructions on adding output renditions and stream targets to the transcoder, see one of the following articles, depending on whether you're creating an adaptive-bitrate or passthrough transcoder:
  4. When you start the transcoder and begin sending the source stream from a configured camera or encoder, Wowza CDN parses the secure_ingest_query_param value to authorize the incoming stream from the transcoder.

More resources