About the Wowza Video REST API

Learn about the REST API for the Wowza Video™ service, including setting up a request, versioning, authentication, and testing out the API.

About the REST API

The Wowza Video REST API (application programming interface) uses the Hypertext Transfer Protocol (HTTP) to request data from Wowza Video servers through requests to API endpoints. You can use the Wowza Video REST API to add live streaming and playback functionality to your applications. The REST API offers complete programmatic control over live streams, transcoders, stream sources, and stream targets. Anything you can do in the Wowza Video UI can also be achieved by making HTTP-based requests to cloud-based servers through the REST API.

API requests

Requests in the Wowza Video REST API use JSON syntax for the request body and response. The examples in our articles use a curl command to execute an HTTP method in a Command Prompt or Terminal window. To learn about cURL and other methods for testing out the REST API, see Tools for testing the API.

Curl commands use the following general format:

curl -[HTTP method] --[headers] -[parameters] "[resource]"

HTTP method is the action you're requesting of the resource. Wowza Video uses these HTTP methods:

HTTP method Description
POST POST creates records in the resource's database. The POST method returns a response that indicates that the request was successful and includes the values of any newly created records.

GET retrieves records from the resource's database. The GET method returns a response including detailed information about the queried object or objects. You may need values from a GET response in order to use them in a POST or PATCH request.

Some endpoints return a cached response if you make a duplicate GET request to the endpoint within a specified period of time. See Wowza Video REST API server response caching for more information.

PATCH PATCH updates records in the resource's database. Certain attributes can't be updated in a PATCH request and must be defined in an initial POST request. The PATCH method returns a response that indicates that the request was successful and includes the values of updated records.
PUT PUT requests in the Wowza Video REST API start or stop a entity such as a live stream or transcoder. The PUT method response gives information about the entity that was affected.
DELETE DELETE removes the record from the resource's database. The delete method returns a response with no content.

Headers are information that precede the actual HTTP request. Wowza Video REST API requests require headers in key:value pairs. 

Key Description Where used
wsc-api-key A unique, 64-digit alphanumeric string. Each Wowza Video account has one API key. The API key can't be edited or deleted, and it doesn't expire. See Locate an API key and generate an access key for more information. For authentication with API keys (recommended for testing and initial development only). In HMAC authentication, wsc-api-key is replaced by a generated signature value, wsc-signature.
wsc-access-key The access key is also a 64-digit alphanumeric string, however, each user creates their own in the Wowza Video user interface. You can enable or disable individual access keys, but they don't expire. See Locate an API key and generate an access key for more information. For HMAC authentication and authentication with API keys.
wsc-timestamp Unix epoch timestamp. See HMAC authentication for more information. For HMAC authentication.
wsc-signature Hex digest-encoded signature string. See HMAC authentication for more information. For HMAC authentication.
Content-Type application/json
Specifies that the content sent to the server is in JSON format.
For POST and PATCH HTTP methods only.

Parameters refine the request and may correspond to options in the Wowza Video user interface. They can also be known as attributes. In JSON syntax, you define a value for each parameter in key:value pairs.

Example of parameters and their assigned values in a JSON object:

   "transcoder": {
     "billing_mode": "pay_as_you_go",
     "broadcast_location": "us_central_iowa",
     "delivery_method": "push",
     "name": " MyPassthruTranscoder",
     "protocol": "rtmp",
     "transcoder_type": "passthrough"

Resource, or base URL, is the location of the server receiving the request. In the Wowza Video REST API, the base URL is


Example of a full API request in curl command syntax:

curl -X POST \
-H "Content-Type: application/json" \
-H "wsc-api-key: ${WSC_API_KEY}" \
-H "wsc-access-key: ${WSC_ACCESS_KEY}" \
-d '{
   "transcoder": {
     "billing_mode": "pay_as_you_go",
     "broadcast_location": "us_central_iowa",
     "delivery_method": "push",
     "name": " MyPassthruTranscoder",
     "protocol": "rtmp",
     "transcoder_type": "passthrough"
}' "https://api.video.wowza.com/api/${WSC_VERSION}/transcoders"

Note: The Wowza Video REST API publishing and playback endpoints use dynamic IP addresses. As a result, we can't provide IP addresses for allowlisting from behind a firewall.

API versions

The Wowza Video REST API is periodically versioned. Minor updates are iterated using sequential dot numbers; major versions are iterated using sequential whole numbers. To learn more about the API lifecycle and what you can expect in each stage (beta, current, etc), see Wowza Video REST API lifecycle management.

More resources

API limits

Reasonable resource limits are in place to prevent excessive usage of streams and stream targets through the Wowza Video REST API. See Wowza Video REST API limits for details.

For information on limitations of the Wowza Video free trial, see Trial limitations.


For security, all requests to the Wowza Video REST API must include authentication information in the header. There are two methods to authenticate requests:

Note: Wowza Video is transitioning to a JSON Web Token-based authentication scheme, rather than an API key/access key scheme. JWT-based authentication is now available in version (1.8) of the API. Although you'll be able to authenticate both ways while we transition, we encourage you to update your integrations to use JWT as soon as possible.

To learn more, see the Release Notes.

HMAC authentication

For code deployed to production environments, we recommend hash-based message authentication code (HMAC) for increased security. In this form of authentication, the API key is a private, secret key. It is known to you and the Wowza Video service but never sent directly in an API request. 

To perform HMAC authentication, you use a timestamp, the request path, and your secret API key to generate a signature, which you then encrypt using a secure hashing algorithm (SHA-256) with digest encryption and hex encoding. You pass the encrypted signature into the request as a header value along with the timestamp and your access key. When the server receives the request, Wowza Video uses the header values you sent and the secret API key value to regenerate the signature with the secure hashing algorithm, and, if the values match, performs the request.

For HMAC authentication, you'll need:

  • An API key
  • An access key
  • The request path for your API request, without the protocol or query parameters. An intial forward slash (/) is required, and a final forward slash is not allowed. For example, if your initial path is


    it becomes

  • A timestamp matching these conditions:
    • A Unix epoch value representing the current time
    • A value within 15 seconds of the server clock, or the signature is considered invalid
    • The same timestamp value that's used to generate the signature

First, you'll locate your API key and generate an access key. Then you'll generate and encrypt a signature for the API request.

Locate an API key and generate an access key

Both the API key and the access key can be found in the Wowza Video user interface.

  1. In the menu bar, click your user name and choose Account Settings.
  2. Make sure you're on the API Access tab.

The keys are located in the API Key and Access Keys sections, respectively.

  1. To generate a new access key, click Add Access Key.
  2. Leave Enabled selected so that the key is immediately available, and provide an optional Description. Then, click Add.

Wowza Video generates the key.

You can disable and re-enable the access key at any time, and edit the description.

Generate and encrypt a signature for the request

Using the following code examples as a guide, generate the signature, encrypt it, and pass it into a wsc-signature header value.

In the code examples, we first generate a signature data string consisting of the timestamp, request path, and api key, delimited by a colon (:).

For example:

If timestamp = 1542064908
and request_path = /api/v1.8/live_streams
and api_key = mysupersecretkey
Then data = 1542064908:/api/v1.8/live_streams:mysupersecretkey

We then use the signature data and the API key to create a hex string that is HMAC-encoded with SHA256 digest.

Ruby example:

require 'openssl'

# Generates a signature string for a Wowza Video API request.

# @param String request_path The request path without the protocol or host name.
# @param String api_key The api key assigned to you through Wowza Video. 
# @param Integer timestamp The Unix Epoch timestamp of the request

def generate_request_signature(request_path, api_key, timestamp)
# Ensure we only have the path, and not the parameters
  request_path = request_path.split("?").first

# Ensure the leading slash
  request_path = "/#{request_path}" unless request_path.start_with?("/")

# Ensure the trailing slash is removed if it is present.
  request_path = request_path.chomp('/')

# Generate the data string
  data = "#{timestamp}:#{request_path}:#{api_key}"

# Return the HMAC-SHA256-Hex string.
  return OpenSSL::HMAC.hexdigest("SHA256", api_key, data)

Java example:

import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.codec.binary.Hex;

// Generates a signature string for a Wowza Video API request.

// Generate the data string
public String generate_request_signature(String requestPath, String apiKey, long timeStamp) 
    // Make sure we only have the path.  No query parameters
    requestPath = requestPath.split("?")[0];
    // Make sure there is a leading slash
    if (!requestPath.startsWith("/"))
        requestPath = "/"+ requestPath;
    // Make sure there is not a trailing slash
    if (requestPath.endsWith("/"))
        requestPath = requestPath.substring(0, requestPath.length() - 1);

    // Make the complete request string
    String data = timeStamp +":" + requestPath +":" + apiKey;
    Mac sha256_HMAC = Mac.getInstance("HmacSHA256");
    SecretKeySpec secret_key = new SecretKeySpec(apiKey.getBytes("UTF-8"), "HmacSHA256");
    // Return the HMAC-SHA256-Hex string.
    byte[] byteData = sha256_HMAC.doFinal(data.getBytes("UTF-8"));
    return Hex.encodeHexString(byteData);

We pass the resulting value into the request header along with the timestamp and access key. The API request will look something like this:

curl -X GET \
-H "wsc-access-key: [key]" \
-H "wsc-timestamp: [timestamp]" \
-H "wsc-signature: [code-generated-signature]" \

API key and access key authentication

Because using an account's API key and an access key directly in request headers is a less secure authentication method, we recommend it for initial evaluation and proof of concept applications only. See Locate an API key and generate an access key for more information.

A request using the API key and access key authentication method looks like this:

curl -X GET \
-H "wsc-api-key: ${WSC_API_KEY}" \
-H "wsc-access-key: ${WSC_ACCESS_KEY}" \

Important: In example requests shown in our example articles, we use environment variables for the API key, access key, host, and version number. See Using cURL to learn more.

Tools for testing the API

Using cURL

The Wowza Video REST API examples in this documentation site use curl commands. cURL is a command-line tool that allows you to execute HTTP requests. It is native to the Terminal application on macOS and Linux, but it requires some installation for use in the Command Prompt on Windows operating systems. To find a download for Windows, see the curl Download Wizard.

To review curl command syntax used in our API examples, see API requests.

We use environment variables in the curl API request examples for Wowza Video to make it easier for you to copy, paste, and run commands in your Terminal or Command Prompt window. The variable syntax differs according to your operating system.

Description macOS/Linux Variable
(used in examples)
Windows Variable

You can set environment variables like this, depending on your operating system:

Linux or macOS:

export WSC_ACCESS_KEY="your access key here"
export WSC_API_KEY="your API key here"
export WSC_HOST="https://api.video.wowza.com"
export WSC_VERSION="v1.8"


set WSC_ACCESS_KEY=your access key here
set WSC_API_KEY=your API key here
set WSC_HOST=https://api.video.wowza.com
set WSC_VERSION=v1.8

After setting values for the environment variables, you can copy and paste API request examples into your Terminal or Command Prompt. You'll still need to substitute resource IDs and update parameter values, where appropriate.

Using a GUI-based REST API client

Other options for testing the Wowza Video REST API are applications with a graphical user interface, such as Postman, Paw, or Insomnia, that provide a user interface and responses in formatted JSON. See documentation for your chosen API testing application for detailed usage information.

Note these configuration details:

Authorization No Auth

wsc-api-key: [api key value for your account, for API key and access key authentication only]

wsc-access-key: [access key value for your user]

wsc-timestamp: [timestamp for the request, for HMAC authentication only]

wsc-signature: [hash-encoded signature for the request, generated through a pre-request script or HMAC signature native to the API test application, for HMAC authentication only]

Content-Type: application/json

Body JSON-formatted request body that includes parameters and their assigned values

Example POST request in a GUI-based API test application:

example Postman HTTP request for Wowza Video

Accessing support

Sometimes you need a helping hand. You can view the Wowza Video REST API community forum to get help from other Wowza Video users and experts from around the world.

You can also contact Wowza Support for REST API issues with Wowza Video. When contacting support for an error returned via the API, be sure to include the following information:

  • The API request you sent that caused an error
  • The request ID returned in the error response
  • The request timestamp returned in the error response

The request ID and request timestamp will look something like this:

    "meta": {
        "status": 401,
        "code": "ERR-401-InvalidSignature",
        "title": "Invalid Signature Error",
        "message": "Invalid signature.",
        "description": ""
    "request_id": "12a6c19ad7fa49dc9126e6ce6c7ca9d7",
    "request_timestamp": "2019-11-04T15:38:47.198Z"

More resources