You can add and manage certificates in the console to encrypt live streams and use ApsaraVideo Player to decrypt and play them. This topic describes how to use the DRM encryption feature in the console.
Due to service adjustments, the DRM encryption feature will be retired soon and is no longer available to new users. Existing users can continue to use the feature without any immediate impact. The exact retirement date will be announced separately. Thank you for your support!
Prerequisites
You have activated ApsaraVideo Live and completed basic operations such as adding a domain name and associating domains. For more information, see Get started with ApsaraVideo Live.
You have purchased an Alibaba Cloud Key Management Service (KMS) instance. For more information, see Purchase and enable a KMS instance.
If you use iOS, you must obtain a FairPlay certificate and securely store the certificate, private key, passphrase, and Application Secret Key (ASk). For more information, see Apply for a FairPlay certificate.
Background information
Digital Rights Management (DRM) is a security feature provided by ApsaraVideo Live that supports Widevine and FairPlay encryption. For more information, see DRM encryption.
Limits
Limit category | Description |
Management method | Configuration is currently available only in the console. API calls are not supported. |
Live Streaming Center | For live centers that support this feature, see Service regions. |
Enable method | After configuration, if you enable DRM for a domain name for the first time, submit a ticket to enable it. |
Player version | Only ApsaraVideo Player V5.3.4 or later is supported. |
Console configuration
You can upload a certificate, create a key, add the key, and configure a transcoding template in the ApsaraVideo Live console and the Key Management Service console.
Upload Certificate
Note: Apple requires a FairPlay Streaming certificate for FairPlay encryption. To encrypt content for iOS users, you must upload the FairPlay certificate.
Log on to the ApsaraVideo Live console.
In the left navigation pane, choose Feature Management > DRM Management to go to the DRM Management page.
Click Certificates to open the Certificates tab, and then click Upload Certificate.
Upload the certificate and private key, and enter the passphrase and ASk. You can obtain this information when you apply for the certificate.

Click OK to complete the upload.
Create a key
Create a key in the Key Management Service console. For more information, see Manage keys.
After you create the key, copy it.
Add a key
Return to the ApsaraVideo Live console.
In the left navigation pane, choose Feature Management > DRM Management to open the DRM Management page.
On the Keys tab, click the Edit icon.

In the Enter Key dialog box, paste the copied key.

Click OK.
Configure a transcoding template
Return to the ApsaraVideo Live console.
In the navigation pane on the left, choose Feature Management > Transcoding to go to the Transcoding page.
Select the streaming domain that you want to configure and click the Custom Transcoding tab.
Click Add to create a Custom Transcoding template and enable Video Encryption.
For information about other settings, see Custom transcoding.

Enable the service
After you complete the configuration, if this is the first time you enable DRM for a domain name, you must submit a ticket to enable the service.
If you want to use DRM for another domain name, you must submit another ticket to enable the service for that domain.
Obtain a DRM streaming URL
The format of a DRM streaming URL is as follows:
http://demo.aliyundoc.com/liveApp****/liveStream****?auth_key=12345****
Set appname, streamname, and groupid based on your business needs. For more information, see Generate streaming URLs.
The auth_key is an access token. For more information about authentication, see Signed ingest and streaming URLs.
How to obtain:
You can manually construct the address according to the rules.
Go to the URL Generators page and select the appropriate transcoding template group to generate the streaming URL. For more information, see Streaming URL generator.
Go to the Streams page to view the live stream's streaming URL. For more information, see Manage live streams.
Configure the player
The DRM encryption feature for live streams is designed to work with ApsaraVideo Player to simplify development. When you play DRM-encrypted videos, you must configure the player as follows:
Use ApsaraVideo Player V5.3.4 or later. FairPlay is supported on iOS, and Widevine is supported on Android.
On Android, use SurfaceView to ensure that high-security videos play correctly.
On iOS, call the setFairPlayCertID method in AliPlayerGlobalSettings once to set the certificate ID globally. You can obtain the certificate ID from the console under .
When you play high-security videos, operations such as rotate, mirror, or screenshot are not supported.
References
For more information about DRM management, see DRM encryption.