ApsaraVideo VOD and ApsaraVideo Live support multiple encryption methods. You can use ApsaraVideo Player SDK to decrypt and play videos. This protects your video content from hotlinking, illegal downloads, and unauthorized distribution. This topic describes how to use ApsaraVideo Player SDK to play videos encrypted by using HTTP-Live-Streaming (HLS) encryption, Alibaba Cloud proprietary cryptography, and digital rights management (DRM) encryption.
Video encryption overview
ApsaraVideo VOD provides a comprehensive security mechanism to protect videos from hotlinking and illegal downloads or distribution. Security policies include access control, URL signing, remote authentication, video encryption, and secure download.
For more information about the security policies, see Overview. This topic describes how to play videos that are encrypted by using three encryption methods. The following table describes the three methods that can be used to encrypt videos.
Security policy | Method | Benefit | Security level | Deployment complexity |
Video encryption | Alibaba Cloud proprietary cryptography | ApsaraVideo VOD uses a proprietary cryptography algorithm to provide a cloud-device integrated video encryption solution. This ensures the security of transmission links. | High | Relatively low. You need to only perform simple configurations and integrate ApsaraVideo Player SDK. |
HTTP Live Streaming (HLS) encryption | HLS encryption uses AES-128 to encrypt video content and supports all HLS-compatible players. However, the keys are prone to theft. | Relatively high | High. You must set up a key management service and a token issuance service. In addition, you must ensure the security of transmission links. | |
Commercial digital rights management (DRM) | Platforms such as Apple FairPlay and Google Widevine provide native support for DRM. DRM delivers high security and meets the requirements of large copyright content providers. | High | High. You are charged based on the number of license calls. You need to only integrate ApsaraVideo Player SDK. |
Compatibility of ApsaraVideo Player SDK
Before you use ApsaraVideo Player SDK for Web to play encrypted videos, make sure that you are familiar with the encryption features supported on your browser. For example, you cannot use ApsaraVideo Player SDK for Web to play videos encrypted by using Alibaba Cloud proprietary cryptography on iOS devices. For more information, see Browsers supported by the HTML5 player and Features of the HTML5 player supported by browsers.
Client | Playback method | Alibaba Cloud proprietary cryptography (HLS format) | Alibaba Cloud proprietary cryptography (MP4 format) | HLS encryption | DRM encryption |
ApsaraVideo Player SDK for Web | UrlSource-based playback | Not supported | Not supported | Supported | Not supported |
VidAuth-based playback | Supported | Not supported | Supported | Not supported | |
VidSts-based playback | Not supported | Not supported | Supported | Supported | |
UrlSource-based live streaming | Not supported | - | Supported | Not supported | |
LiveStsSource-based live streaming | Supported | - | Not supported | Supported | |
ApsaraVideo Player SDK for Android | UrlSource-based playback | Not supported | Supported only in ApsaraVideo Player SDK for Android V6.8.0 or later. | Not supported | Not supported |
VidAuth-based playback | Supported | Supported | Supported | Not supported | |
VidSts-based playback | Supported | Supported | Supported | Supported | |
UrlSource-based live streaming | Not supported | - | Supported | Not supported | |
LiveStsSource-based live streaming | Supported | - | Not supported | Supported | |
ApsaraVideo Player SDK for iOS | UrlSource-based playback | Not supported | Supported only in ApsaraVideo Player SDK for iOS V6.8.0 or later. | Not supported | Not supported |
VidAuth-based playback | Supported | Supported | Supported | Not supported | |
VidSts-based playback | Supported | Supported | Supported | Supported | |
UrlSource-based live streaming | Not supported | - | Supported | Not supported | |
LiveStsSource-based live streaming | Supported | - | Not supported | Supported |
Alibaba Cloud proprietary cryptography
Overview
Alibaba Cloud proprietary cryptography encrypts video data. Video files that are downloaded to local devices are encrypted. This prevents unauthorized redistribution, video leakage, and hotlinking. For more information about the mechanism and benefits of Alibaba Cloud proprietary cryptography, see Alibaba Cloud proprietary cryptography.
ApsaraVideo Player encapsulates the logic for video decryption and client-server interactions into the SDK. To play videos that are encrypted by using Alibaba Cloud proprietary cryptography, you need to only configure encryption and transcoding and integrate ApsaraVideo Player SDK for playback at low costs.
Videos encrypted by using Alibaba Cloud proprietary cryptography are generated only in the HLS and MP4 formats and can be played only by using ApsaraVideo Player.
Configure Alibaba Cloud proprietary cryptography
For more information about how to configure Alibaba Cloud proprietary cryptography, see Procedure.
Use ApsaraVideo Player SDK for Web
Limits
You can use only ApsaraVideo Player to play HLS videos that are encrypted by using Alibaba Cloud proprietary cryptography.
Procedure
You can embed ApsaraVideo Player SDK for Web into a web page to play videos encrypted by using Alibaba Cloud proprietary cryptography. Sample code:
Before you use ApsaraVideo Player SDK for Web, make sure that your browser supports the playback of videos encrypted by using Alibaba Cloud proprietary cryptography. The following items describe the compatibility of ApsaraVideo Player.
HTML5 players can be used in browsers on mobile devices and PCs. For more information, see Features of the HTML5 player supported by browsers.
Flash players can be used only in browsers on PCs. For more information, see Browsers supported by the Flash player.
For security reasons, you cannot use Alibaba Cloud proprietary cryptography to encrypt videos that are already encrypted.
Use VidAuth to play an on-demand video encrypted by using Alibaba Cloud proprietary cryptography (HLS format)
If you use VidAuth to play an on-demand video that is encrypted by using Alibaba Cloud proprietary cryptography, you must pass encryptType: 1. This setting is not required if you play an unencrypted video.
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, height=device-height, initial-scale=1, maximum-scale=1, minimum-scale=1, user-scalable=no" />
<title>Demo for playing an on-demand video that is encrypted by using Alibaba Cloud proprietary cryptography</title>
<link rel="stylesheet" href="https://g.alicdn.com/apsara-media-box/imp-web-player/2.16.3/skins/default/aliplayer-min.css" />
<script charset="utf-8" type="text/javascript" src="https://g.alicdn.com/apsara-media-box/imp-web-player/2.16.3/aliplayer-min.js"></script>
</head>
<body>
<div class="prism-player" id="J_prismPlayer"></div>
<script>
var player = new Aliplayer({
id: 'J_prismPlayer',
width: '100%',
vid : '<your video ID>',// Required. You can log on to the ApsaraVideo VOD console and choose Media Files > Audio/Video to obtain the video ID. Example: 1e067a2831b641db90d570b6480f****.
playauth : '<your PlayAuth>',// Required. You can call the GetVideoPlayAuth operation to obtain the playback credential.
encryptType: 1, // Required. Set this parameter to 1 if you use Alibaba Cloud proprietary cryptography to encrypt the video. Otherwise, leave this parameter empty.
playConfig:{EncryptType:'AliyunVoDEncryption'}, // Specify this parameter if the output M3U8 streams include streams that are encrypted by using an algorithm other than Alibaba Cloud proprietary cryptography.
// authTimeout: 7200, // The validity period of the playback URL. Unit: seconds. If you have configured a validity period for signed URLs in the ApsaraVideo VOD console, the configuration of this parameter takes precedence. If you leave this parameter empty, the default value 7200 is used. The validity period must be longer than the actual duration of the video. Otherwise, the playback URL expires before the playback is complete.
},function(player){
console.log('The player is created.')
});
</script>
</body>
</html>Use LiveStsSource to play a live stream encrypted by using Alibaba Cloud proprietary cryptography (HLS format)
If you use LiveStsSource to play a live stream encrypted by using Alibaba Cloud proprietary cryptography, you must specify the streaming URL and Security Token Service (STS) token. For more information, see Use STS to upload videos. Sample code:
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, height=device-height, initial-scale=1, maximum-scale=1, minimum-scale=1, user-scalable=no" />
<title>Demo for playing a live stream that is encrypted by using Alibaba Cloud proprietary cryptography</title>
<link rel="stylesheet" href="https://g.alicdn.com/apsara-media-box/imp-web-player/2.16.3/skins/default/aliplayer-min.css" />
<script charset="utf-8" type="text/javascript" src="https://g.alicdn.com/apsara-media-box/imp-web-player/2.16.3/aliplayer-min.js"></script>
</head>
<body>
<div class="prism-player" id="J_prismPlayer"></div>
<script>
var player = new Aliplayer({
id: 'J_prismPlayer',
width: '100%',
isLive: true, // Set this parameter to true.
source: '<your live stream url>',// Required. The streaming URL is the HLS URL of an stream that is encrypted by using Alibaba Cloud proprietary cryptography.
accessKeyId: '<your AccessKey ID>',// Required. The AccessKey ID that is generated when the temporary STS token is issued. To generate the AccessKey ID, call the AssumeRole operation in STS.
accessKeySecret: '<your AccessKey secret>',// Required. The AccessKey secret that is generated when the temporary STS token is issued. To generate the AccessKey secret, call the AssumeRole operation in STS.
securityToken: '<your STS token>',// Required. The STS token. To generate an STS token, call the AssumeRole operation in STS.
domain: '<your Domain>',// Required. The domain name used for stream pulling.
app:'<your App Name>',// Required. The name of the application.
stream:'<your Stream Name>',// Required. The name of the live stream.
regionId: '<region of your video>',// Required. The ID of the region in which the media asset is stored, such as cn-shanghai, eu-central-1, or ap-southeast-1.
},function(player){
console.log('The player is created.')
});
</script>
</body>
</html>
Use ApsaraVideo Player SDK for Android
Limits
HLS and MP4 videos that are encrypted by using Alibaba Cloud proprietary cryptography can be played only by using ApsaraVideo Player.
Procedure
You can integrate ApsaraVideo Player SDK for Android into your application. The following content describes how to use ApsaraVideo Player SDK for Android for playback and provides sample code:
Integrate ApsaraVideo Player SDK for Android.
For more information about how to integrate ApsaraVideo Player SDK for Android, see Quick integration.
Create a player for playback.
For more information, see Create a player. In Step 3: Configure a playback source, configure a playback source by using one of the following methods.
Use UrlSource to play an on-demand video encrypted by using Alibaba Cloud proprietary cryptography (MP4 format)
NoteYou can use UrlSource to play on-demand MP4 videos that are encrypted by using Alibaba Cloud proprietary cryptography. This method is supported only for ApasaVideo Player SDK for Android V6.8.0 or later.
To use UrlSource to play an MP4 video that is encrypted by using Alibaba Cloud proprietary cryptography, call the GetPlayInfo operation to obtain the playback URL and add
etavirp_nuyila=1to the end of the URL. Then, pass the URL to the player for playback. You do not need to configure additional parameters.Sample URL:
https://example.aliyundoc.com/test.mp4?etavirp_nuyila=1UrlSource urlSource = new UrlSource(); urlSource.setUri("Playback URL");// Required. The playback URL of the video. You can call the GetPlayInfo operation to obtain the URL. // Add etavirp_nuyila=1 to the end of the playback URL before you pass the URL to the player for playback. Sample URL: https://example.aliyundoc.com/test.mp4?etavirp_nuyila=1. aliPlayer.setDataSource(urlSource);Use VidAuth to play an on-demand video encrypted by using Alibaba Cloud proprietary cryptography (HLS and MP4 formats)
If streams that are encrypted by using a method other than Alibaba Cloud proprietary cryptography exist or unencrypted streams exist, you can set the encryption method to AliyunVodEncryption to filter videos that are encrypted by using Alibaba Cloud proprietary cryptography.
VidAuth vidAuth = new VidAuth(); VidPlayerConfigGen vidPlayerConfigGen = new VidPlayerConfigGen(); vidPlayerConfigGen.setEncryptType(VidPlayerConfigGen.EncryptType.AliyunVodEncryption);// Optional. If you set the encryption method to AliyunVodEncryption, only videos that are encrypted by using Alibaba Cloud proprietary cryptography are returned. vidAuth.setPlayConfig(vidPlayerConfigGen); vidAuth.setVid("Video ID");// Required. The video ID. vidAuth.setPlayAuth("Playback credential"); // Required. The playback credential. To obtain the playback credential, call the GetVideoPlayAuth operation in ApsaraVideo VOD. vidAuth.setRegion("Access region"); // This parameter is deprecated in ApsaraVideo Player SDK V5.5.5.0 or later. If you use ApsaraVideo Player SDK V5.5.5.0 or later, the player automatically parses the region information. If you use ApsaraVideo Player SDK V5.5.5.0 or earlier, this parameter is required. Specify the ID of the region in which ApsaraVideo VOD is activated for this parameter. Default value: cn-shanghai. // vidAuth.setAuthTimeout(3600);// Optional. The validity period of the playback URL. Unit: seconds. If you have configured a validity period for signed URLs in the ApsaraVideo VOD console, the configuration of this parameter takes precedence. If you leave this parameter empty, the default value is used. The validity period must be longer than the actual duration of the video. Otherwise, the playback URL expires before the playback is complete. aliPlayer.setDataSource(vidAuth);Use VidSts to play an on-demand video encrypted by using Alibaba Cloud proprietary cryptography (HLS and MP4 formats)
If streams that are encrypted by using a method other than Alibaba Cloud proprietary cryptography exist or unencrypted streams exist, you can set the encryption method to AliyunVodEncryption to filter videos that are encrypted by using Alibaba Cloud proprietary cryptography.
VidSts vidSts = new VidSts(); VidPlayerConfigGen vidPlayerConfigGen = new VidPlayerConfigGen(); vidPlayerConfigGen.setEncryptType(VidPlayerConfigGen.EncryptType.AliyunVodEncryption);// Optional. If you set the encryption method to AliyunVodEncryption, only videos that are encrypted by using Alibaba Cloud proprietary cryptography are returned. vidSts.setPlayConfig(vidPlayerConfigGen); vidSts.setVid("Vid"); // Required. The video ID. vidSts.setAccessKeyId("<yourAccessKeyId>"); // Required. The AccessKey ID that is generated when the temporary STS token is issued. To generate the AccessKey ID, call the AssumeRole operation in STS. vidSts.setAccessKeySecret("<yourAccessKeySecret>");// Required. The AccessKey secret that is issued together with the STS token. To generate the AccessKey secret, call the AssumeRole operation in STS. vidSts.setSecurityToken("<yourSecurityToken>");// Required. The security token. To generate an STS token, call the AssumeRole operation in STS. vidSts.setRegion("Access region"); // Required. The ID of the region in which ApsaraVideo VOD is activated. Default value: cn-shanghai. // vidAuth.setAuthTimeout(3600);// The validity period of the playback URL. Unit: seconds. If you have configured a validity period for signed URLs in the ApsaraVideo VOD console, the configuration of this parameter takes precedence. If you leave this parameter empty, the default value is used. The validity period must be longer than the actual duration of the video. Otherwise, the playback URL expires before the playback is complete. aliPlayer.setDataSource(vidSts);Use LiveStsSource to play a live stream encrypted by using Alibaba Cloud proprietary cryptography (HLS format)
If you use LiveStsSource to play an HLS live stream that is encrypted by using Alibaba Cloud proprietary cryptography, you must specify the streaming URL and STS token and set the encryption method to AliEncryption. Sample code:
Configure a playback source.
Set AVPLiveStsSource as the playback source.
// Create the AVPLiveStsSource playback source. You must set EncryptionType to AliEncryption. LiveSts liveSts = new LiveSts(); liveSts.setUrl("<your live stream url>");// Required. The URL of the HLS live stream that is encrypted by using Alibaba Cloud proprietary cryptography. liveSts.setAccessKeyId("<your AccessKey ID>");// Required. The AccessKey ID that is generated when the temporary STS token is issued. To generate the AccessKey ID, call the AssumeRole operation in STS. liveSts.setAccessKeySecret("<your AccessKey secret>");// Required. The AccessKey secret that is generated when the temporary STS token is issued. To generate the AccessKey secret, call the AssumeRole operation in STS. liveSts.setSecurityToken("<your STS token>");// Required. The STS token. To generate an STS token, call the AssumeRole operation in STS. liveSts.setDomain("<your Domain>");// Required. The streaming domain. liveSts.setApp("<your App Name>");// Required. The name of the application to which the live stream belongs. liveSts.setStream("<your Stream Name>");// Required. The name of the live stream. liveSts.setEncryptionType(LiveSts.LiveEncryptionType.AliEncryption);// Required. Set the encryption method to AliEncryption. liveSts.setRegion("<region of your video>");// Required. The region in which ApsaraVideo VOD is activated, such as cn-shanghai. // Configure the playback source. aliPlayer.setDataSource(liveSts); // Prepare for playback. aliPlayer.prepare();Check whether the STS token is valid.
The encryption key may change during the playback of encrypted live streams. The player sends a request to obtain the latest key from STS. You must check whether the STS token is valid. If the token is invalid, the playback of encrypted live streams is affected.
mAliyunVodPlayer.setOnVerifyTimeExpireCallback(new AliPlayer.OnVerifyTimeExpireCallback() { @Override public AliPlayer.Status onVerifySts(StsInfo info) { if (The token can be used){ return IPlayer.StsStatus.Valid; } if(A valid STS token can be obtained){ Obtain STS();// This operation can be synchronously or asynchronously performed. return IPlayer.StsStatus.Pending; } // If the token is invalid and the latest STS token cannot be obtained, we recommend that you stop the playback to prevent screen flickers. mAliyunVodPlayer.stop(); return IPlayer.StsStatus.Invalid; } @Override public AliPlayer.Status onVerifyAuth(VidAuth auth) { return AliPlayer.Status.Valid; } });NoteAfter you obtain a valid STS token, call
updateLiveStsInfoto update the STS token. If the token failed to be obtained, we recommend that you stop the playback. If you do not update the STS token, the player uses the expired STS token to obtain the encryption key. If the STS token becomes invalid, the screen may flicker or the playback may fail.mAliyunVodPlayer.updateStsInfo(stsInfo);
Use ApsaraVideo Player SDK for iOS
Limits
HLS and MP4 videos that are encrypted by using Alibaba Cloud proprietary cryptography can be played only by using ApsaraVideo Player.
Procedure
You can integrate ApsaraVideo Player SDK for iOS into your application. The following content describes how to use ApsaraVideo Player SDK for iOS for playback and provides sample code:
Integrate ApsaraVideo Player SDK for iOS.
For more information about how to integrate ApsaraVideo Player SDK for iOS, see Quick integration.
Create a player for playback.
For more information, see Create a player. In Step 3: Configure a playback source, configure a playback source by using one of the following methods.
Use UrlSource to play an on-demand video encrypted by using Alibaba Cloud proprietary cryptography (MP4 format)
NoteYou can use UrlSource to play MP4 videos that are encrypted by using Alibaba Cloud proprietary cryptography. This method is supported only for ApasaVideo Player SDK for iOS V6.8.0 or later.
To use UrlSource to play an MP4 video that is encrypted by using Alibaba Cloud proprietary cryptography, call the GetPlayInfo operation to obtain the playback URL and add
etavirp_nuyila=1to the end of the URL. Then, pass the URL to the player for playback. You do not need to configure additional parameters.Sample URL:
https://example.aliyundoc.com/test.mp4?etavirp_nuyila=1AVPUrlSource *urlSource = [[AVPUrlSource alloc] urlWithString:url]; // Required. The playback URL. You can call the GetPlayInfo operation to obtain the playback URL. Add etavirp_nuyila=1 to the end of the playback URL before you pass the URL to the player for playback. Sample URL: https://example.aliyundoc.com/test.mp4?etavirp_nuyila=1. [self.player setUrlSource:urlSource];Use VidAuth to play an on-demand video encrypted by using Alibaba Cloud proprietary cryptography (HLS and MP4 formats)
If streams that are encrypted by using a method other than Alibaba Cloud proprietary cryptography exist or unencrypted streams exist, you can set the encryption method to AliyunVodEncryption to filter videos that are encrypted by using Alibaba Cloud proprietary cryptography.
AVPVidAuthSource *authSource = [[AVPVidAuthSource alloc] init]; authSource.vid = @"Vid"; // Required. The video ID. authSource.playAuth = @"<yourPlayAuth>"; // Required. The playback credential. To obtain a playback credential, call the GetVideoPlayAuth operation in ApsaraVideo VOD. authSource.region = @"Access region"; // This parameter is deprecated in ApsaraVideo Player SDK V5.5.5.0 or later. If you use ApsaraVideo Player SDK V5.5.5.0 or later, the player automatically parses the region information. If you use ApsaraVideo Player SDK V5.5.5.0 or earlier, this parameter is required. Specify the ID of the region in which ApsaraVideo VOD is activated for this parameter. Default value: cn-shanghai. // authSource.authTimeout=3600; // Optional. The validity period of the playback URL. Unit: seconds. If you have configured a validity period for signed URLs in the ApsaraVideo VOD console, the configuration of this parameter takes precedence. If you leave this parameter empty, the default value is used. The validity period must be longer than the actual duration of the video. Otherwise, the playback URL expires before the playback is complete. // Build the config parameter based on VidPlayerConfigGenerator. VidPlayerConfigGenerator* config = [[VidPlayerConfigGenerator alloc]init]; [config addVidPlayerConfigByStringValue:@"EncryptType" value:@"AliyunVodEncryption"]; // Optional. If you set the encryption method to AliyunVodEncryption, only videos that are encrypted by using Alibaba Cloud proprietary cryptography are returned. authSource.playConfig = [config generatePlayerConfig]; [self.player setAuthSource:authSource];Use VidSts to play an on-demand video encrypted by using Alibaba Cloud proprietary cryptography (HLS and MP4 formats)
If streams that are encrypted by using a method other than Alibaba Cloud proprietary cryptography exist or unencrypted streams exist, you can set the encryption method to AliyunVodEncryption to filter videos that are encrypted by using Alibaba Cloud proprietary cryptography.
AVPVidStsSource *source = [[AVPVidStsSource alloc] init]; source.region = @"Access region"; // Required. The region in which ApsaraVideo VOD is activated. Default value: cn-shanghai. source.vid = @"Vid"; // Required. The ID of the video. source.securityToken = @"<yourSecurityToken>"; // Required. The STS token. To generate an STS token, call the AssumeRole operation in STS. source.accessKeySecret = @"<yourAccessKeySecret>"; // Required. The AccessKey secret that is generated when the temporary STS token is issued. To generate the AccessKey secret, call the AssumeRole operation in STS. source.accessKeyId = @"<yourAccessKeyId>"; // Required. The AccessKey ID that is generated when the temporary STS token is issued. To generate the AccessKey ID, call the AssumeRole operation in STS. // source.authTimeout = 3600; // Optional. The validity period of the playback URL. Unit: seconds. If you have configured a validity period for signed URLs in the ApsaraVideo VOD console, the configuration of this parameter takes precedence. If you leave this parameter empty, the default value is used. The validity period must be longer than the actual duration of the video. Otherwise, the playback URL expires before the playback is complete. // Build the config parameter based on VidPlayerConfigGenerator. VidPlayerConfigGenerator* config = [[VidPlayerConfigGenerator alloc]init]; [config addVidPlayerConfigByStringValue:@"EncryptType" value:@"AliyunVodEncryption"]; // Optional. If you set the encryption method to AliyunVodEncryption, only videos that are encrypted by using Alibaba Cloud proprietary cryptography are returned. source.playConfig = [config generatePlayerConfig]; // Configure the playback source. [self.player setStsSource:source];Use LiveStsSource to play a live stream encrypted by using Alibaba Cloud proprietary cryptography (HLS format)
If you use LiveStsSource to play a live stream encrypted by using Alibaba Cloud proprietary cryptography, you must specify the streaming URL and STS token and set the encryption method to ENCRYPTION_TYPE_ALIVODENCRYPTION. Sample code:
Configure a playback source.
Set AVPLiveStsSource as the playback source.
// Create the AVPLiveStsSource playback source. You must set encryptionType to ENCRYPTION_TYPE_ALIVODENCRYPTION. AVPLiveStsSource *liveStsSource = [[AVPLiveStsSource alloc] initWithUrl:@"Streaming URL" accessKeyId:@"Temporary AccessKey ID" accessKeySecret:@""Temporary AccessKey secret" securityToken:@"Security token" region:@"Region name" domain:@"Streaming domain" app:@"Application name" stream:@"Stream name" encryptionType:ENCRYPTION_TYPE_ALIVODENCRYPTION];// Required. Set the encryption method to ENCRYPTION_TYPE_ALIVODENCRYPTION. // Configure the playback source. [self.aliPlayer setLiveStsSource:liveStsSource]; ...... // Prepare for playback. [self.aliPlayer prepare];Check whether the STS token is valid.
The encryption key may change during the playback of encrypted live streams. The player sends a request to obtain the latest key from STS. You must check whether the STS token is valid. If the token is invalid, the playback of encrypted live streams is affected.
__weak typeof(self) weakSelf = self; [self.aliPlayer setVerifyStsCallback:^AVPStsStatus(AVPStsInfo info) { if (The token can be used) { return Valid; } if(A valid STS token can be obtained){ Obtain STS();// This operation can be synchronously or asynchronously performed. return Pending; } [weakSelf.aliPlayer stop]; return Invalid; }];NoteAfter you obtain a valid STS token, call
updateLiveStsInfoto update the STS token. If the token failed to be obtained, we recommend that you stop the playback. If you do not update the STS token, the player uses the expired STS token to obtain the encryption key. If the STS token becomes invalid, the screen may flicker or the playback may fail.[self.aliPlayer updateLiveStsInfo:self.liveStsSource.accessKeyId accKey:self.liveStsSource.accessKeySecret token:self.liveStsSource.securityToken region:self.liveStsSource.region];
HLS encryption
Overview
HLS encryption supports common encryption solutions that are specified in HLS. HLS encryption uses AES-128 to encrypt video content and supports all HLS-compatible players. You can use a self-developed player or an open source player to play HLS-encrypted videos. Compared with Alibaba Cloud proprietary cryptography, HLS encryption is more flexible but is difficult to use and less secure.
For more information about the mechanism and limits of HLS encryption, seeHLS encryption.
Configure HLS encryption
For more information about how to configure HLS encryption, see HLS encryption.
Use ApsaraVideo Player SDK for Web
Limits
HLS encryption supports all HLS-compatible players. You can use a self-developed player or an open source player to play HLS-encrypted videos. The following content describes how to play an HLS-encrypted video in ApsaraVideo Player. ApsaraVideo Player supports the transmission of the user token. Alibaba Cloud CDN dynamically modifies the decryption URI in the .m3u8 file. The decryption URI contains the user token. Then, you can verify the user token.
Procedure
You can embed ApsaraVideo Player SDK for Web into a web page to play videos encrypted by using Alibaba Cloud proprietary cryptography.
For more information about how to embed ApsaraVideo Player SDK for Web into a web page, see Quick integration.
Before you use ApsaraVideo Player SDK for Web, make sure that your browser supports the playback of HLS-encrypted videos. The following items describe the compatibility of ApsaraVideo Player.
HTML5 players can be used in browsers on mobile devices and PCs. For more information about supported browsers, see Features of the HTML5 player supported by browsers.
Flash players can be used only in browsers on PCs. For more information, see Browsers supported by the Flash player.
2.
Use VidAuth to play an HLS-encrypted on-demand video
If streams that are encrypted by using a method other than HLS encryption exist or unencrypted streams exist, you can set the encryption method to HLSEncryption to filter videos that are encrypted by using HLS encryption. Sample code:
let player = new Aliplayer({
id:'J_prismPlayer',
vid:'<your video ID>', // Required. The ID of the audio or video file. Example: 1e067a2831b641db90d570b6480f****.
playauth:'<your PlayAuth>', // Required. The playback credential.
playConfig: { // Optional.
MtsHlsUriToken: '', // Optional. You can pass this parameter if you want to verify MtsHlsUriToken.
EncryptType: 'HLSEncryption', // Optional. If you set the encryption type to HLSEncryption, only videos that are encrypted by using HLS encryption are returned.
},
});Use VidSts to play an HLS-encrypted on-demand video
If streams that are encrypted by using a method other than HLS encryption exist or unencrypted streams exist, you can set the encryption method to HLSEncryption to filter videos that are encrypted by using HLS encryption. Sample code:
let player = new Aliplayer({
id: 'J_prismPlayer',
vid : '<your video ID>', // Required. After you upload an audio or video file, you can log on to the ApsaraVideo VOD console and choose Media Files > Audio/Video to view the ID of the audio or video file. Alternatively, you can call the SearchMedia operation provided by the ApsaraVideo VOD SDK to obtain the ID. Example: 1e067a2831b641db90d570b6480f****.
accessKeyId: '<your AccessKey ID>', // Required. The AccessKey ID is returned when the temporary STS token is generated.
securityToken: '<your STS token>', // Required. The STS token. To generate an STS token, call the AssumeRole operation in STS.
accessKeySecret: '<your AccessKey Secret>', // Required. The AccessKey secret is returned when the temporary STS token is generated.
region: '<region of your video>', // Required. The ID of the region in which the media asset resides, such as cn-shanghai, eu-central-1, or ap-southeast-1.
playConfig: { // Optional.
MtsHlsUriToken: '', // Optional. You can pass this parameter if you want to verify MtsHlsUriToken.
EncryptType: 'HLSEncryption', // Optional. If you set the encryption type to HLSEncryption, only videos that are encrypted by using HLS encryption are returned.
},
};Use UrlSource to play an HLS-encrypted live stream
Similar to the playback of unencrypted videos, you do not need to set additional parameters if you use a streaming URL to play live streams encrypted by using HLS.
let player = new Aliplayer({
id:'J_prismPlayer',
source: '<your play URL>' // The streaming URL can be a third-party streaming URL or a streaming URL that is generated in ApsaraVideo Live.
isLive: true, // Specifies whether to play live streams.
});Use ApsaraVideo Player SDK for Android
Limits
HLS encryption supports all HLS-compatible players. You can use a self-developed player or an open source player to play HLS-encrypted videos. The following content describes how to play an HLS-encrypted video in ApsaraVideo Player. ApsaraVideo Player supports the transmission of the user token. Alibaba Cloud CDN dynamically modifies the decryption URI in the .m3u8 file. The decryption URI contains the user token. Then, you can verify the user token.
Procedure
You can integrate ApsaraVideo Player SDK for Android into your application. The following content describes how to use ApsaraVideo Player SDK for Android for playback and provides sample code:
Integrate ApsaraVideo Player SDK for Android.
For more information about how to integrate ApsaraVideo Player SDK for Android, see Quick integration.
Create a player for playback.
For more information, see Create a player. In Step 3: Configure a playback source, configure a playback source by using one of the following methods.
Use VidAuth to play an HLS-encrypted on-demand video
If streams that are encrypted by using a method other than HLS encryption exist or unencrypted streams exist, you can set the encryption method to HLSEncryption to filter videos that are encrypted by using HLS encryption. Sample code:
VidAuth vidAuth = new VidAuth(); VidPlayerConfigGen playerConfig = new VidPlayerConfigGen(); playerConfig.setEncryptType(VidPlayerConfigGen.EncryptType.HLSEncryption);// Optional. If you set the encryption method to HLSEncryption, only videos that are encrypted by using HLS encryption are returned. playerConfig.setMtsHlsUriToken("User token");// Optional. Specify this parameter if you want to verify the user token. vidAuth.setPlayConfig(playerConfig); vidAuth.setVid("Video ID");// Required. The video ID. vidAuth.setPlayAuth("Playback credential"); // Required. The playback credential. To obtain the playback credential, call the GetVideoPlayAuth operation in ApsaraVideo VOD. vidAuth.setRegion("Access region"); // This parameter is deprecated in ApsaraVideo Player SDK V5.5.5.0 or later. If you use ApsaraVideo Player SDK V5.5.5.0 or later, the player automatically parses the region information. If you use ApsaraVideo Player SDK V5.5.5.0 or earlier, this parameter is required. Specify the ID of the region in which ApsaraVideo VOD is activated for this parameter. Default value: cn-shanghai. // vidAuth.setAuthTimeout(3600);// Optional. The validity period of the playback URL. Unit: seconds. If you have configured a validity period for signed URLs in the ApsaraVideo VOD console, the configuration of this parameter takes precedence. If you leave this parameter empty, the default value is used. The validity period must be longer than the actual duration of the video. Otherwise, the playback URL expires before the playback is complete. aliPlayer.setDataSource(vidAuth);Use VidSts to play an HLS-encrypted on-demand video
If streams that are encrypted by using a method other than HLS encryption exist or unencrypted streams exist, you can set the encryption method to HLSEncryption to filter videos that are encrypted by using HLS encryption. Sample code:
VidSts vidSts = new VidSts(); VidPlayerConfigGen playerConfig = new VidPlayerConfigGen(); VidPlayerConfigGen.setEncryptType(VidPlayerConfigGen.EncryptType.HLSEncryption);// Optional. If you set the encryption method to HLSEncryption, only videos that are encrypted by using HLS encryption are returned. playerConfig.setMtsHlsUriToken("User token");// Optional. Specify this parameter if you want to verify the user token. vidSts.setPlayConfig(playerConfig); vidSts.setVid("Vid"); // Required. The video ID. vidSts.setAccessKeyId("<yourAccessKeyId>"); // Required. The AccessKey ID that is generated when the temporary STS token is issued. To generate the AccessKey ID, call the AssumeRole operation in STS. vidSts.setAccessKeySecret("<yourAccessKeySecret>");// Required. The AccessKey secret that is issued together with the STS token. To generate the AccessKey secret, call the AssumeRole operation in STS. vidSts.setSecurityToken("<yourSecurityToken>");// Required. The security token. To generate an STS token, call the AssumeRole operation in STS. vidSts.setRegion("Access region"); // Required. The ID of the region in which ApsaraVideo VOD is activated. Default value: cn-shanghai. // vidAuth.setAuthTimeout(3600);// The validity period of the playback URL. Unit: seconds. If you have configured a validity period for signed URLs in the ApsaraVideo VOD console, the configuration of this parameter takes precedence. If you leave this parameter empty, the default value is used. The validity period must be longer than the actual duration of the video. Otherwise, the playback URL expires before the playback is complete. aliPlayer.setDataSource(vidSts);Use UrlSource to play an HLS-encrypted live stream
Similar to the playback of unencrypted videos, you do not need to set additional parameters if you use a streaming URL to play live streams encrypted by using HLS.
UrlSource urlSource = new UrlSource(); urlSource.setUri("Streaming URL");// Required. The streaming URL that is encrypted by using HLS. aliPlayer.setDataSource(urlSource);
Use ApsaraVideo Player SDK for iOS
Limits
HLS encryption supports all HLS-compatible players. You can use a self-developed player or an open source player to play HLS-encrypted videos. The following content describes how to play an HLS-encrypted video in ApsaraVideo Player. ApsaraVideo Player supports the transmission of the user token. Alibaba Cloud CDN dynamically modifies the decryption URI in the .m3u8 file. The decryption URI contains the user token. Then, you can verify the user token.
Procedure
You can integrate ApsaraVideo Player SDK for iOS into your application. The following content describes how to use ApsaraVideo Player SDK for iOS for playback and provides sample code:
Integrate ApsaraVideo Player SDK for iOS.
For more information about how to integrate ApsaraVideo Player SDK for iOS, see Quick integration.
Create a player for playback.
For more information, see Create a player. In Step 3: Configure a playback source, configure a playback source by using one of the following methods.
Use VidAuth to play an HLS-encrypted on-demand video
If streams that are encrypted by using a method other than HLS encryption exist or unencrypted streams exist, you can set the encryption method to HLSEncryption to filter videos that are encrypted by using HLS encryption. Sample code:
AVPVidAuthSource *authSource = [[AVPVidAuthSource alloc] init]; authSource.vid = @"Vid"; // Required. The video ID. authSource.playAuth = @"<yourPlayAuth>"; // Required. The playback credential. To obtain a playback credential, call the GetVideoPlayAuth operation in ApsaraVideo VOD. authSource.region = @"Access region"; // This parameter is deprecated in ApsaraVideo Player SDK V5.5.5.0 or later. If you use ApsaraVideo Player SDK V5.5.5.0 or later, the player automatically parses the region information. If you use ApsaraVideo Player SDK V5.5.5.0 or earlier, this parameter is required. Specify the ID of the region in which ApsaraVideo VOD is activated for this parameter. Default value: cn-shanghai. // authSource.authTimeout=3600; // Optional. The validity period of the playback URL. Unit: seconds. If you have configured a validity period for signed URLs in the ApsaraVideo VOD console, the configuration of this parameter takes precedence. If you leave this parameter empty, the default value is used. The validity period must be longer than the actual duration of the video. Otherwise, the playback URL expires before the playback is complete. // Build the config parameter based on VidPlayerConfigGenerator. VidPlayerConfigGenerator* config = [[VidPlayerConfigGenerator alloc]init]; [config addVidPlayerConfigByStringValue:@"EncryptType" value:@"HLSEncryption"]; // Optional. If you set the encryption method to HLSEncryption, only videos that are encrypted by using HLS encryption are returned. [config setHlsUriToken: @"xxxxxxx"]; // Optional. You can pass this parameter if you want to verify MtsHlsUriToken. source.playConfig = [config generatePlayerConfig]; // Configure the playback source. [self.player setAuthSource:authSource];Use VidSts to play an HLS-encrypted on-demand video
If streams that are encrypted by using a method other than HLS encryption exist or unencrypted streams exist, you can set the encryption method to HLSEncryption to filter videos that are encrypted by using HLS encryption. Sample code:
AVPVidStsSource *source = [[AVPVidStsSource alloc] init]; source.vid = @"Vid"; // Required. The ID of the video. source.region = @"Access region"; // Required. The region in which ApsaraVideo VOD is activated. Default value: cn-shanghai. source.securityToken = @"<yourSecurityToken>"; // Required. The STS token. To generate an STS token, call the AssumeRole operation in STS. source.accessKeySecret = @"<yourAccessKeySecret>"; // Required. The AccessKey secret that is generated when the temporary STS token is issued. To generate the AccessKey secret, call the AssumeRole operation in STS. source.accessKeyId = @"<yourAccessKeyId>"; // Required. The AccessKey ID that is generated when the temporary STS token is issued. To generate the AccessKey ID, call the AssumeRole operation in STS. // source.authTimeout = 3600; // Optional. The validity period of the playback URL. Unit: seconds. If you have configured a validity period for signed URLs in the ApsaraVideo VOD console, the configuration of this parameter takes precedence. If you leave this parameter empty, the default value is used. The validity period must be longer than the actual duration of the video. Otherwise, the playback URL expires before the playback is complete. // Build the config parameter based on VidPlayerConfigGenerator. VidPlayerConfigGenerator* config = [[VidPlayerConfigGenerator alloc]init]; [config addVidPlayerConfigByStringValue:@"EncryptType" value:@"HLSEncryption"]; // Optional. If you set the encryption method to HLSEncryption, only videos that are encrypted by using HLS encryption are returned. [config setHlsUriToken: @"xxxxxxx"]; // Optional. You can pass this parameter if you want to verify MtsHlsUriToken. source.playConfig = [config generatePlayerConfig]; // Configure the playback source. [self.player setStsSource:source];Use UrlSource to play an HLS-encrypted live stream
Similar to the playback of unencrypted videos, you do not need to set additional parameters if you use a streaming URL to play live streams encrypted by using HLS.
AVPUrlSource *urlSource = [[AVPUrlSource alloc] urlWithString:url]; // Required. The HLS-encrypted streaming URL. [self.player setUrlSource:urlSource];
FAQ
For more information about the common questions about HLS encryption and corresponding solutions, see FAQ about HLS encryption.
DRM encryption
Overview
ApsaraVideo VOD supports DRM encryption technologies that are commonly used in the industry. You can add and manage DRM certificates and enable DRM encryption in the ApsaraVideo VOD console to ensure the security of your copyrighted video content. Widevine and Fairplay DRM encryption are supported.
For more information about the benefits and architecture of DRM encryption, see Introduction.
Configure DRM encryption
You can enable this feature only in the ApsaraVideo VOD console. For more information, see Enable DRM encryption.
Use ApsaraVideo Player SDK for Web
Limits
You can use only ApsaraVideo Player to play DRM-encrypted videos.
Procedure
You can embed ApsaraVideo Player SDK for Web into a web page to play videos encrypted by using Alibaba Cloud proprietary cryptography. Sample code:
Before you use ApsaraVideo Player SDK for Web, make sure that your browser supports the playback of DRM-encrypted videos. The following items describe the compatibility of ApsaraVideo Player.
HTML5 players can be used in browsers on mobile devices and PCs. For more information about supported browsers, see the Features of the HTML5 player supported by browsers section of the Overview topic.
Flash players can be used only in browsers on PCs. For more information, see the Browsers supported by the Flash player section of the Overview topic.
Use VidSts to play a DRM-encrypted on-demand video
If you use VidSts to play a DRM-encrypted on-demand video, you must set the isDrm parameter to true. This setting is optional if you play an unencrypted video. isDrm: true means that DRM encryption is enabled.
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, height=device-height, initial-scale=1, maximum-scale=1, minimum-scale=1, user-scalable=no" />
<title>Demo for the playback of a DRM-encrypted on-demand video</title>
<link rel="stylesheet" href="https://g.alicdn.com/apsara-media-box/imp-web-player/2.16.3/skins/default/aliplayer-min.css" />
<script charset="utf-8" type="text/javascript" src="https://g.alicdn.com/apsara-media-box/imp-web-player/2.16.3/aliplayer-min.js"></script>
</head>
<body>
<div class="prism-player" id="J_prismPlayer"></div>
<script>
var player = new Aliplayer({
id: 'J_prismPlayer',
width: '100%',
isDrm: true,
vid : '<your video ID>',// Required. You can log on to the ApsaraVideo VOD console and choose Media Files > Audio/Video to obtain the video ID. Example: 1e067a2831b641db90d570b6480f****.
accessKeyId: '<your AccessKey ID>',// Required. The AccessKey ID of the temporary AccessKey pair. To obtain the AccessKey ID, call the AssumeRole operation in STS.
securityToken: '<your STS token>',// Required. The STS token. To generate an STS token, call the AssumeRole operation in STS.
accessKeySecret: '<your AccessKey secret>',// Required. The AccessKey secret that is generated when the temporary STS token is issued. To generate the AccessKey secret, call the AssumeRole operation in STS.
region: '<region of your video>', // Required. The ID of the region in which the media asset is stored, such as cn-shanghai, eu-central-1, or ap-southeast-1.
certId: '<your certificate ID>', // This parameter is required for playback on Apple devices. This parameter is used to request an Apple certificate. You can obtain the value of this parameter in the ApsaraVideo VOD console or the ApsaraVideo Live console based on how DRM encryption is performed.
// authTimeout: 7200, // The validity period of the playback URL. Unit: seconds. If you have configured a validity period for signed URLs in the ApsaraVideo VOD console, the configuration of this parameter takes precedence. If you leave this parameter empty, the default value 7200 is used. The validity period must be longer than the actual duration of the video. Otherwise, the playback URL expires before the playback is complete.
},function(player){
console.log('The player is created.')
});
</script>
</body>
</html>Use LiveStsSource to play a DRM-encrypted live stream
If you use LiveStsSource to play a DRM-encrypted live stream, you must specify the streaming URL and STS token. For more information, see Use STS to upload videos. Sample code:
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, height=device-height, initial-scale=1, maximum-scale=1, minimum-scale=1, user-scalable=no" />
<title>Demo for playing a DRM-encrypted live stream</title>
<link rel="stylesheet" href="https://g.alicdn.com/apsara-media-box/imp-web-player/2.16.3/skins/default/aliplayer-min.css" />
<script charset="utf-8" type="text/javascript" src="https://g.alicdn.com/apsara-media-box/imp-web-player/2.16.3/aliplayer-min.js"></script>
</head>
<body>
<div class="prism-player" id="J_prismPlayer"></div>
<script>
var player = new Aliplayer({
id: 'J_prismPlayer',
width: '100%',
isLive: true, // Set this parameter to true.
isDrm: true,
source: '<your live stream url>',// Required. The streaming URL of the live stream that is encrypted by DRM.
accessKeyId: '<your AccessKey ID>',// Required. The AccessKey ID of the temporary AccessKey pair. To obtain the AccessKey ID, call the AssumeRole operation in STS.
securityToken: '<your STS token>',// Required. The STS token. To generate an STS token, call the AssumeRole operation in STS.
accessKeySecret: '<your AccessKey secret>',// Required. The AccessKey ID that is generated when the temporary STS token is issued. To generate the AccessKey ID, call the AssumeRole operation in STS.
region: '<region of your video>', // Required. The ID of the region in which the media asset is stored, such as cn-shanghai, eu-central-1, or ap-southeast-1.
certId: '<your certificate ID>', // This parameter is required for playback on Apple devices. This parameter is used to request an Apple certificate. You can obtain the certificate ID from the ApsaraVideo VOD or ApsaraVideo Live console.
},function(player){
console.log('The player is created.')
});
</script>
</body>
</html>Use ApsaraVideo Player SDK for Android
Limits
You can use only ApsaraVideo Player to play DRM-encrypted videos.
Procedure
You can integrate ApsaraVideo Player SDK for Android into your application. The following content describes how to use ApsaraVideo Player SDK for Android for playback and provides sample code:
Integrate ApsaraVideo Player SDK for Android.
For more information about how to integrate ApsaraVideo Player SDK for Android, see Quick integration.
Create a player for playback.
For more information, see Create a player. In Step 3: Configure a playback source, configure a playback source by using one of the following methods.
NoteIf you use ApsaraVideo Player for Android, we recommend that you use SurfaceView to play videos with high security levels.
Use VidSts to play a DRM-encrypted on-demand video
Similar to the playback of unencrypted videos, you do not need to set additional parameters if you use VidSts to play on-demand videos encrypted by using DRM.
VidSts vidSts = new VidSts(); vidSts.setVid("Vid"); // Required. The video ID. vidSts.setAccessKeyId("<yourAccessKeyId>"); // Required. The AccessKey ID that is generated when the temporary STS token is issued. To generate the AccessKey ID, call the AssumeRole operation in STS. vidSts.setAccessKeySecret("<yourAccessKeySecret>");// Required. The AccessKey secret that is issued together with the STS token. To generate the AccessKey secret, call the AssumeRole operation in STS. vidSts.setSecurityToken("<yourSecurityToken>");// Required. The security token. To generate an STS token, call the AssumeRole operation in STS. vidSts.setRegion("Access region"); // Required. The ID of the region in which ApsaraVideo VOD is activated. Default value: cn-shanghai. // vidAuth.setAuthTimeout(3600);// The validity period of the playback URL. Unit: seconds. If you have configured a validity period for signed URLs in the ApsaraVideo VOD console, the configuration of this parameter takes precedence. If you leave this parameter empty, the default value is used. The validity period must be longer than the actual duration of the video. Otherwise, the playback URL expires before the playback is complete. aliPlayer.setDataSource(vidSts);Use LiveStsSource to play a DRM-encrypted live stream
If you use LiveStsSource to play a live stream encrypted by using DRM, you must specify the streaming URL and STS token and set the encryption method to WideVine_FairPlay. Sample code:
Configure a playback source.
Set AVPLiveStsSource as the playback source.
// Create the AVPLiveStsSource playback source. You must set EncryptionType to WideVine_FairPlay. LiveSts liveSts = new LiveSts(); liveSts.setUrl("<your live stream url>");// Required. The HLS URL of the live stream that is encrypted by DRM. liveSts.setAccessKeyId("<your AccessKey ID>");// Required. The AccessKey ID that is generated when the temporary STS token is issued. To generate the AccessKey ID, call the AssumeRole operation in STS. liveSts.setAccessKeySecret("<your AccessKey secret>");// Required. The AccessKey secret that is generated when the temporary STS token is issued. To generate the AccessKey secret, call the AssumeRole operation in STS. liveSts.setSecurityToken("<your STS token>");// Required. The STS token. To generate an STS token, call the AssumeRole operation in STS. liveSts.setDomain("<your Domain>");// Required. The streaming domain. liveSts.setApp("<your App Name>");// Required. The name of the application to which the live stream belongs. liveSts.setStream("<your Stream Name>");// Required. The name of the live stream. liveSts.setEncryptionType(LiveSts.LiveEncryptionType.WideVine_FairPlay);// Required. Set the encryption method to WideVine_FairPlay. liveSts.setRegion("<region of your video>");// Required. The region in which ApsaraVideo VOD is activated, such as cn-shanghai. // Configure the playback source. aliPlayer.setDataSource(liveSts); // Prepare for playback. aliPlayer.prepare();Check whether the STS token is valid.
The encryption key may change during the playback of encrypted live streams. The player sends a request to obtain the latest key from STS. You must check whether the STS token is valid. If the token is invalid, the playback of encrypted live streams is affected.
mAliyunVodPlayer.setOnVerifyTimeExpireCallback(new AliPlayer.OnVerifyTimeExpireCallback() { @Override public AliPlayer.Status onVerifySts(StsInfo info) { if (The token can be used){ return IPlayer.StsStatus.Valid; } if(A valid STS token can be obtained){ Obtain STS();// This operation can be synchronously or asynchronously performed. return IPlayer.StsStatus.Pending; } // If the token is invalid and the latest STS token cannot be obtained, we recommend that you stop the playback to prevent screen flickers. mAliyunVodPlayer.stop(); return IPlayer.StsStatus.Invalid; } @Override public AliPlayer.Status onVerifyAuth(VidAuth auth) { return AliPlayer.Status.Valid; } });NoteAfter you obtain a valid STS token, call
updateLiveStsInfoto update the STS token. If the token failed to be obtained, we recommend that you stop the playback. If you do not update the STS token, the player uses the expired STS token to obtain the encryption key. If the STS token becomes invalid, the screen may flicker or the playback may fail.mAliyunVodPlayer.updateStsInfo(stsInfo);
Use ApsaraVideo Player SDK for iOS
Limits
You can use only ApsaraVideo Player to play DRM-encrypted videos.
Procedure
You can integrate ApsaraVideo Player SDK for iOS into your application. The following content describes how to use ApsaraVideo Player SDK for iOS for playback and provides sample code:
Integrate ApsaraVideo Player SDK for iOS.
For more information about how to integrate ApsaraVideo Player SDK for iOS, see Quick integration.
Create a player for playback.
For more information, see Create a player. In Step 3: Configure a playback source, configure a playback source by using one of the following methods.
NoteIf you use ApsaraVideo Player SDK for iOS for playback, you must call the
setFairPlayCertIDmethod inAliPlayerGlobalSettingsto specify the ID of your certificate before you call[self.player prepare]. To obtain the certificate ID, perform the following steps: Log on to the ApsaraVideo VOD console. In the left-side navigation pane, choose Configuration Management > Media Processing > DRM Certificates.[AliPlayerGlobalSettings setFairPlayCertID:@"Certificate ID obtained in the ApsaraVideo VOD console"];Use VidSts to play a DRM-encrypted on-demand video
Similar to the playback of unencrypted videos, you do not need to set additional parameters if you use VidSts to play on-demand videos encrypted by using DRM.
AVPVidStsSource *source = [[AVPVidStsSource alloc] init]; source.region = @"Access region"; // Required. The region in which ApsaraVideo VOD is activated. Default value: cn-shanghai. source.vid = @"Vid"; // Required. The ID of the video. source.securityToken = @"<yourSecurityToken>"; // Required. The STS token. To generate an STS token, call the AssumeRole operation in STS. source.accessKeySecret = @"<yourAccessKeySecret>"; // Required. The AccessKey secret that is generated when the temporary STS token is issued. To generate the AccessKey secret, call the AssumeRole operation in STS. source.accessKeyId = @"<yourAccessKeyId>"; // Required. The AccessKey ID that is generated when the temporary STS token is issued. To generate the AccessKey ID, call the AssumeRole operation in STS. // source.authTimeout = 3600; // Optional. The validity period of the playback URL. Unit: seconds. If you have configured a validity period for signed URLs in the ApsaraVideo VOD console, the configuration of this parameter takes precedence. If you leave this parameter empty, the default value is used. The validity period must be longer than the actual duration of the video. Otherwise, the playback URL expires before the playback is complete. // Configure the playback source. [self.player setStsSource:source]Use LiveStsSource to play a DRM-encrypted live stream
If you use LiveStsSource to play a live stream encrypted by using DRM, you must specify the streaming URL and STS token and set the encryption method to ENCRYPTION_TYPE_FAIRPLAY. Sample code:
Configure a playback source.
Set AVPLiveStsSource as the playback source.
// Create the AVPLiveStsSource playback source. You must set encryptionType to ENCRYPTION_TYPE_FAIRPLAY. AVPLiveStsSource *liveStsSource = [[AVPLiveStsSource alloc] initWithUrl:@"Streaming URL" accessKeyId:@"Temporary AccessKey ID" accessKeySecret:@""Temporary AccessKey secret" securityToken:@"Security token" region:@"Region name" domain:@"Streaming domain" app:@"Application name" stream:@"Stream name" encryptionType:ENCRYPTION_TYPE_FAIRPLAY];// Required. Set the encryption method to ENCRYPTION_TYPE_FAIRPLAY. // Configure the playback source. [self.aliPlayer setLiveStsSource:liveStsSource]; ...... // Prepare for playback. [self.aliPlayer prepare];Check whether the STS token is valid.
The encryption key may change during the playback of encrypted live streams. The player sends a request to obtain the latest key from STS. You must check whether the STS token is valid. If the token is invalid, the playback of encrypted live streams is affected.
__weak typeof(self) weakSelf = self; [self.aliPlayer setVerifyStsCallback:^AVPStsStatus(AVPStsInfo info) { if (The token can be used) { return Valid; } if(A valid STS token can be obtained){ Obtain STS();// This operation can be synchronously or asynchronously performed. return Pending; } [weakSelf.aliPlayer stop]; return Invalid; }];NoteAfter you obtain a valid STS token, call
updateLiveStsInfoto update the STS token. If the token failed to be obtained, we recommend that you stop the playback. If you do not update the STS token, the player uses the expired STS token to obtain the encryption key. If the STS token becomes invalid, the screen may flicker or the playback may fail.[self.aliPlayer updateLiveStsInfo:self.liveStsSource.accessKeyId accKey:self.liveStsSource.accessKeySecret token:self.liveStsSource.securityToken region:self.liveStsSource.region];