Help

Roku Developer Program

Join our online forum to talk to Roku developers and fellow channel creators. Ask questions, share tips with the community, and find helpful resources.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
tcb256
Visitor
‎10-14-2016 02:15 PM

Secure Token Authorization

I had all but given up on my Livestream.com feed ever getting on Roku.  Recently Livestream.com made inroads to access the livestream.com feed.   But in order to gain access to it we must use a Secure Token Authorization method.  It does an MD5 hash on the Account ID & timestamp and passes that back to the server.   I've gotten livestream.com's examples to work but I've not found any recent docs/info on implementing this method into a Roku channel.   

All of Livestream's goodies can be found here:  https://github.com/Livestream/livestream-api-samples/tree/master/api-keys-auth-sample

In the sample above there are about 5 different javascript files that work together in order to get the "Secret API Key" without it being exposed to the world.

I'm hoping a wise and kind soul can point me in the direction I should go to study this out for building it.  Your comments are appreciated!

Thank You,
tcb256
0 Kudos
Reply
3 REPLIES 3
belltown
Roku Guru
‎10-14-2016 03:07 PM

Re: Secure Token Authorization

You need your own server (running somewhere other than on a Roku device) to generate the secure token by taking the MD5 hash of your API key, the timestamp, and the scope. The server returns the secure token in a response to your client (Roku) request. The client then includes the secure token in the video playback URL.

However...

You could conceivably generate the secure token within your client application (Roku channel). Livestream doesn't want you doing that to prevent a user gaining access to the API key from the client application. But since the Roku is not a web browser, the API key wouldn't be exposed, so I don't see a problem with doing it from within a Roku channel.
https://github.com/belltown/
0 Kudos
Reply
belltown
Roku Guru
‎10-14-2016 03:51 PM

Re: Secure Token Authorization

Try something like this (untested) code to get the secure token from within your Roku channel:

Sub Main () 
    timestamp = CreateObject ("roDateTime").AsSeconds ().ToStr () 
    token = generateToken ("secretapikey", "readonly", timestamp) 
    Print token 
    Stop 
End Sub 
 
Function generateToken (apiKey As String, scope As String, timestamp As String) As String 
    token = "" 
    hmac = CreateObject ("roHMAC") 
    baKey = CreateObject ("roByteArray") 
    baKey.FromAsciiString (apiKey) 
    If hmac.Setup ("md5", baKey) = 0 
      baMessage = CreateObject ("roByteArray") 
      baMessage.FromAsciiString (apiKey + ":" + scope + ":" + timestamp) 
      hmac.Update (baMessage) 
      baResult = hmac.Final () 
      If baResult.Count () > 0 
        token = baResult.ToHexString () 
      End If 
    End If 
    Return token 
End Function
https://github.com/belltown/
0 Kudos
Reply
tcb256
Visitor
‎10-17-2016 04:16 PM

Re: Secure Token Authorization

Thank You for Your Support Brother!

I'll work with this code tonight and report back my progress soon.

tcb256
0 Kudos
Reply