Controlling Playback with the Ooyala Player Token

You can authorize playback using the Ooyala Player Token. (Available only if your Ooyala account includes this functionality. To enable Ooyala Player Token, contact your account manager.)

Limiting playback exclusively to authorized users and exclusively on your page requires the communication of the token request URL to the player, so that the player can utilize this URL throughout authorization. This is accomplished with the following steps:
  • Generate a Token Request and Authorization URL. You generate the signed token request URL on the server-side, specifying a short expiration time as one of the query-string parameters. You must also include your provider code and a comma separated list of embed codes. This URL is passed to our player via a JavaScript callback; its short expiration time prevents it from being lifted from your page and used elsewhere.
  • Set the Token Expiration Time. You need to set an expiration time for the Playback Token in your Backlot Syndication tab. Note that this expiration time is independent of the token request expiration time. Its function is to specify how long the token (issued by Ooyala) will be valid, and it controls the viewer’s access to authorized players for the specified interval. space.

  • Embed the URL to Issue Authorization. When the crafted token request URL is forwarded to the player, Ooyala’s authorization response will send an authorization/no-authorization decision. Once the client receives an affirmative authorization response, video playback is enabled.

  • Playback Authorization. Before the video starts playing, the Ooyala player sends the authentication request and receives the token. When the authorization server validates the URL, it authorizes playing the content. The authorization is in effect until the session expires. If the session expires, the viewer needs to refresh the browser.
Note: If the URL is not valid, it will display an error message. For more information about the error, see the "Error Types" topic in this document.

Two Types of Expiration Times

With this design, you should note the difference between the two expiration times. You need to set:
  • One expiration time on the token request (the URL that will be embedded on the page—adjustable by the provider’s server-side implementation). Use a short expiration time on the URL snippet so that the snippet cannot be replicated across other domains (it can be embedded, but will become nonfunctional).
  • The other expiration time on the token object itself (expiry time adjustable through your Backlot account). A longer expiration time may be set (if desirable) on the token object, since the Same Origin Policy protects its distribution.

Combining the Ooyala Token with Other Content Authorization Types

The Ooyala Player Token works either singly or in conjunction with other types Digital Rights Management (DRM) solutions that Ooyala provides (or supports) to ensure that users can have access to authorized content. You can also use the Ooyala Player Token in conjunction with:
  • Ooyala's Rights Locker entitlement enforcement system
  • Ooyala's device registration system
  • A CDN token to prevent unauthorized sharing of a direct link to an Real Time Messaging Protocol (RTMP) stream.
  • Encrypted delivery (such as RTMPE or HLS AES Encryption) to prevent recording of a stream.
  • DRM Technologies (such as Flash Access) to enforce usage rights on content.