HLS Decryption Key Retrieval

Yes, you can put extra parameters in the URI field. Also, any parameters passed to the request for the m3u8 itself are inherited by the key acquisition URL (I believe this is not specified in the HLS spec but it is the way the Apple players work, so we duplicated that functionality).

Also note that there's very little security in either of these methods unless you use https rather than http, if a malefactor is sniffing your traffic.

--Mark

Hello Mark,

Do you have any other suggestions to secure the stream? If we use HTTPS, we will not be able to get benefit from CDNs.

Thank you

Thanks Mark. How about having cookies passed when the key request is made? I think I saw a previous post about using the AddHeader method of the video object. Is that correct?

There are a number of ways to retrieve the key, with varying levels of security. You (the content owner) will of course have to decide on what level of security you are comfortable with. One very secure method using client certificates is outlined in section 4.1 of the Encoding Guide and section 4.25 of the Component Reference. Other methods are possible. I believe that AddHeader on the video object will indeed cause those headers to be passed to the key URL.

--Mark