How to use API connector to deliver AES encrypted video

This blog demonstrates how to use API connector to deliver AES encrypted video with token authentication. Azure Media Services API connector allows you to stand up a web services with a set of simple APIs enabled, so you could upload, encode, encrypt and deliver a video content. The authentication mechanism for your API access are built-in.

API connector hosts the following set of APIs for you and these APIs are making calls to Azure Media Services REST APIs to perform corresponding actions. For instance, once you mark your video upload completed, AMS will start to encode video with multiple-bitrate 720P profile, configure the video to be AES 128 encrypted by supplying a content key and token authorization policy, lastly publish the video so you could get a streaming URL to stream your video. As you can see, we simply all these steps you need to do with AMS APIs to only one API call with API connector.

API_connector_1

Please refer to this blog if you want to know more about why you should choose AMS API connector.

1. Sign up for API connector service

You need to go to the new portal by click on the very right corner icon on the old portal. Select Marketplace –> API Apps –> Select Azure Media Services. The documentation on Connector introduction page is very useful so remember to download it.

API_connector

Then you will be asked to fill in the following:

  • Name: this is the name of your API connector account and it has to be unique globally.
  • Package Settings: this requires you to provide a Media Account name, which needs to be unique globally. It CAN’T be an existing Media Services account.
  • App Service Plan: it could be either a free plan or standard plan.

After a few minutes, the API connector service will be created for you. if your account creation failed, it was very likely that you are using an existing media services account name, we haven’t add portal naming validation yet.

2. API connect authentication and Swagger UI

For demonstration purpose, I am going to set public access for my API endpoint. Click on Settings on your API connect homepage, find application settings, and choose On with Access level of Public (anonymous). This blog helps you understand how you could put authentication on API access with authentication system such as Active Directory. You probably won’t want to leave your API access as open.

Once you are done changing API connect access setting, click on URL on Essentials, that’s your API endpoint. Append /Swagger at the end of your endpoint URI and you can get a swagger tool to interact with your APIs. The interface looks like this showed below:

Swagger_start

3. Create video with encryption option selected

Request Headers

Request Body

It looks like this in my Swagger Window:

Swagger1

You will get the following response body. There are several parameters will be used later, such as UploadUri and Id.

swagger2

4. Upload video to Azure blob storage

You will get a upload URL from the response body of step 3. Copy it and use this tool to upload your video: http://mediaupload.azurewebsites.net/.

5. Mark video upload completed

After the upload is completed, please use the following API call to mark the completion of your video upload. Please grab video ID from the response for step 3. The encoding job will get kick-started after you mark the completion of video upload.

markComplete

6. Wait for encoding to be completed

Get Content Protection ID from Get Video API call

GetVideoInfo

The highlighted is ContentProtectionKeyId, copy that for step 7.

swagger4

7. Get Authorization Token to playback encrypted content (you will have to refresh the video entity to get the ContentProtectionKeyId).

GetToken

This token is used to plugin into player when playing back Smooth Streaming or DASH on PC. For HLS Safari, the token comes along with your playback URL, you don’t need extra step to retrieve token.

8. Get Playback URL for the desired playback format

For non-HLS playback, you can retrieve the URL inserted in Azure Media Player by typing the following:

NonHLSplayback

For HLS playback, please request with endpointType as HLS.

Then you will get a streaming URL that looks like this: https://cvprbl203v.cloudvideo.azure.net/api/ManifestProxy?playbackUrl=http://cdn-cvprbl203m01.streaming.mediaservices.windows.net/e37ae735-3447-4155-8b5d-7be8229a8198/3ee0e5da-c9df-4293-82a8-43acb08bf5cf.ism/Manifest(format=m3u8-aapl)&token=xxx. This is due to the limitation on how Safari handles Token, please refer to my blog for the implementation. However, by using API connector, we set up the proxy server on your behalf so you don’t need to worry about any of this.

9. Get Thumbnail URL for the image to be displayed

The last step is that API connector service generates Thumbnail as well. Here is the call you could make to retrieve the thumbnail. It will give you a thumbnail at time 0.

10. How to use Azure Media Player to playback AES encrypted content

You could use Azure Media Player to playback AES encrypted content in different browsers. Here is a code snippet on how to embed streaming endpoint URL for Smooth Streaming and DASH protocol, and HLS endpoint URL for HLS protocol.

For the code above, you disabled URL write capability on the player when it plays back HLS stream. And for DASH and Smooth Streaming protocol, the player will request different type of streams based on your player’s capability.

Leave a Reply

Your email address will not be published. Please enter your name, email and a comment.