Documentation
Live Streaming
Develop your app
Live Streaming
CDN
Stream-publishing authentication

Stream-publishing authentication

Last updated：2023-05-17 19:58

Introduction

To prevent attackers from stealing your stream-publishing URL address and using it to publish streams elsewhere, or forging your server to generate stream-publishing URL addresses, resulting in traffic loss, you can configure "Stream-publishing Authentication" through the ZEGOCLOUD Admin console to protect your stream. When authentication is enabled, you need to concatenate the relevant authentication parameters in the stream-publishing URL address, otherwise, you will not be able to publish streams.

After configuring "Stream-publishing Authentication" through the ZEGOCLOUD console, please keep the Key safe and do not disclose it easily to prevent attackers from obtaining it and causing losses.
If you are relaying the published/mixed streams to CDN via RTC, the ZEGOCLOUD server will automatically generate and concatenate the URL address parameters for you, and you do not need to generate them yourself. However, if you are publishing streams through a third-party platform, you need to generate and concatenate the relevant parameters yourself.

Authentication instructions

After enabling "Stream-publishing Authentication", the complete URL address will be as follows:

rtmp://domain/live/{streamID} ? wsSecret={md5hash}&wsABStime={hex(time)}

domain: domain live: access point {streamID}: stream ID wsSecret={md5hash}&wsABStime={hex(time)}: authentication parameter

1 Get the domain & Generate authentication key

Go to ZEGOCLOUD Admin Console > Project Management > Service Management:

Find the Basic info tab to get the domain.
In your Project Management > Service Management, find Stream-publishing authentication and enable it, then generate the key for authentication.

Note: The Primary Key is required and the Secondary Key is optional. We recommend that you configure both the Primary Key and the Secondary Key. If the Primary Key is leaked, you can smoothly switch to the Secondary Key without affecting your business.

/Pics/A_LiveStreamingSDK/stream_publishing_auth2.jpeg

2 Generate wsABStime

wsABStime refers to the validity period of the stream-publishing URL.

For example, if the current time is 2018-12-29 11:13:45 and you expect the newly generated URL to be valid for 3 hours, then:

wsABStime can be set to 2018-12-29 14:13:45.
Convert this time to Unix timestamp format (i.e. 1546064025).
Then convert it to hexadecimal format to further compress the character length, resulting in wsABStime = 5C271099 (hexadecimal).

3 Generate wsSecret

The method for generating wsSecret is wsSecret = MD5(wsABStime + StreamName + KEY).

Where:

wsABStime: Refers to the wsABStime generated in 2 Generate wsABStime.
StreamName: Path, in the format of "/access point/streamID".
Key: Refers to the encryption Key configured in 1 Generate authentication key.
MD5: Standard MD5 one-way irreversible hash algorithm.

4 Get the URL address

After completing the above steps, the final address is as follows (example address, this address is only for reference, please do not use it directly online):

rtmp://push-ws1.zego.im/live/123?wsSecret=235cec79bf9483439762ddfd491387e2&wsABStime=5eec9fcc