How does Gcore protect video content?
Gcore has several methods of protecting video content:- Protected temporary links
- Country access policy (Geo-restrictions)
- Referrer validation
- AES-128 encryption
What are protected temporary links?
Protected temporary links are generated using the Secure Token feature, which allows configuring access with tokenized URLs. When using this option, you add a special character set to every URL. Check out the examples below with the special characters highlighted in bold. At Gcore, we call these special characters Secure Tokens. VOD:- Public: https://demo-public.gvideo.io/videos/2675_pG8TfmKx2LU2qs/master.m3u8
- Protected: https://demo-protected.gvideo.io/videos/2675_pG8TfmKx2LU2qs/rI1224fiE3USCa8qYnMuGQ/1861919999/master.m3u8
- Public: https://demo-public.gvideo.io/cmaf/2675_19146/master.m3u8
- Protected: https://demo-protected.gvideo.io/cmaf/2675_19146/9y9nJqRofJQw-DbX2LDgYw/1861919999/master.m3u8
- HTTP 2xx response code, if the hash key is valid and unexpired
- HTTP 403 Forbidden response, if the hash key is invalid
- HTTP 410 Gone response, if the hash key is valid but expired
CDN resources and scope of restrictions
Video content hosted via the Video Streaming is viewed and delivered through our CDN, so by default your account has only one hidden CDN resource in the format ******.gvideo.io. The restriction policies, such as the Secure Token for links protection, apply specifically to CDN resources because a CDN resource covers all video content at once. This means you don’t need to create rules and make permissions for each video separately—it is enough to create and apply permissions only once to the CDN resource. Moreover, your account can have several CDN resources leading to the same content (origin). These CDN resources can be with different access policies. So you can combine open access on one CDN resource, and private access on another one, etc.How to enable the secure token feature?
To enable the Secure Token feature and start protecting your links, please check out our product docs on the topic.Format of protected temporary links
Secure Token-protected temporary links have the following format:videos
– for VOD,cmaf
– for LIVE{client_id}
is your account ID{video_id}
is the identifier of the video or live stream{token}
is the MD5 hash of the video and other attributes{expiration}
is the unix time in seconds of how long will the link be valid
https://domain.com/videos/{client_id}_{video_slug}/{token}/{expiration}/
manifest.m3u8https://domain.com/videos/{client_id}_{video_slug}/{token}/{expiration}/
segment-1-svod720n-v1-a1.tshttps://domain.com/videos/{client_id}_{video_slug}/{token}/{expiration}/
720.mp4
https://domain.com/cmaf/{client_id}_{stream_id}/{token}/{expiration}/
master.m3u8https://domain.com/cmaf/{client_id}_{stream_id}/{token}/{expiration}/
index.mpdhttps://domain.com/cmaf/{client_id}_{stream_id}/{token}/{expiration}/
004chunk-stream4-10000000-05213.m4s?part=4