Private Session Token
Private Session Tokens in Teyuto provide a secure method to control access to your video content. This guide explains how to set up and use this feature effectively.
Overview
Private Session Tokens allow you to restrict video access to authorized users only, even when the video URL is known. This is achieved through a two-step process:
- Creating a video with restricted privacy settings
- Using a token parameter when initializing the player
Step 1: Creating a Restricted Video
When uploading or editing a video in Teyuto:
- Navigate to the video settings
- Find the privacy options
- Set the privacy to "registered"
Private Session Token
[... contenuto precedente invariato ...]
Step 1: Creating a Restricted Video
Using the Teyuto Dashboard
When uploading or editing a video in Teyuto:
- Navigate to the video settings
- Find the privacy options
- Set the privacy to "registered"
Using the Teyuto API
You can also create or update a video with restricted access using the Teyuto API. Here's an example of how to do this:
For creating a new video:
POST https://api.teyuto.tv/v2/videos/vod
Content-Type: application/x-www-form-urlencoded
Authorization: YOUR_API_TOKEN
title=My Restricted Video&description=This video requires authentication&privacy=registered
For updating an existing video:
PATCH https://api.teyuto.tv/v2/videos/{video_id}
Content-Type: application/x-www-form-urlencoded
Authorization: YOUR_API_TOKEN
privacy=registered
Replace {video_id} with the actual ID of the video you want to update.
By setting privacy=registered in your API request, you ensure that the video can only be accessed by authenticated users with a valid token.
This setting ensures that the video cannot be accessed without proper authorization.
Private Session Token
Step 2: Using the Token Parameter
To allow authorized access to the video, you need to provide a token when initializing the player. This can be done in two ways:
Method 1: Using URL Parameters
When embedding the Teyuto Player via an iframe, add the token as a URL parameter:
<iframe src="https://UNIQUE_CHANNEL_NAME.teyuto.tv/video/player/?w=VIDEO_ID&token=YOUR_GENERATED_TOKEN" ...></iframe>
Replace VIDEO_ID with your actual video ID and YOUR_GENERATED_TOKEN with the securely generated token.
Method 2: Using the Player SDK
If you're using the Teyuto Player SDK, you can pass the token as a configuration option when initializing the player. Here's an example:
let options={
autoplay:'on',
token: '<USER_TOKEN>'
};
let player = new TeyutoPlayer("#target", {
channel: "<CHANNEL_PUBLIC>",
id: <VIDEO_ID>,
options: options
});
This method allows for more dynamic token management, as you can update the token programmatically without needing to reload the iframe.
Step 3: Generating Tokens with Temporary Expiration
You can enhance security by generating tokens with a temporary expiration using Teyuto's Session API. This ensures that the token is only valid for a specific period, after which it will no longer grant access to the video.
To generate a token with expiration:
- Use the
/sessionsendpoint of the Teyuto API - Include the
expirationparameter in your request to specify the token's validity period
Here's an example of how to generate a token with expiration:
POST https://api.teyuto.tv/v2/sessions
Content-Type: application/x-www-form-urlencoded
Accept: application/json
channel: YOUR_CHANNEL_TOKEN
user_id=1234&expiration=3600
In this example:
user_idId of user to generate sessionexpirationis set to 3600 seconds (1 hour)
Best Practices
- Generate tokens with short expiration times for enhanced security
- Implement server-side validation to ensure tokens are only generated for authenticated users
- Regularly rotate any secret keys used in token generation
- Use HTTPS to prevent token interception
Considerations
- Tokens are typically single-use and tied to a specific user session
- Implement proper error handling in your application for cases where tokens are invalid or expired
By following these steps, you can ensure that your video content remains secure and accessible only to authorized users, even when embedded on external websites or shared via direct links.
For more detailed information on token generation and advanced usage, please refer to the Teyuto API documentation.