Roku Developer Program

Developers and content creators—a complete solution for growing an audience directly.
cancel
Showing results for 
Search instead for 
Did you mean: 
VikR0001
Level 7

Securing Video Content?

We are developing a Roku channel that will have some free and some paid video content. I notice that the RSS feed Roku requires, contains an HTTP location for the videos that Roku will stream.

Is there a standard or recommended way of securing that HTTP location so that people who somehow obtain it won't be able to access the video content without paying?

Thanks in advance to all for any thoughts/info.
0 Kudos
2 Replies
joetesta
Level 10

Re: Securing Video Content?

welcome to roku-land!  Method of securing video depends on video hosting.  Check these threads from the past:
https://forums.roku.com/viewtopic.php?f ... 8&p=521167
https://forums.roku.com/viewtopic.php?f ... 9&p=321826
hope it may help!
aspiring
0 Kudos
norcaljohnny
Level 7

Re: Securing Video Content?

"VikR0001" wrote:
We are developing a Roku channel that will have some free and some paid video content. I notice that the RSS feed Roku requires, contains an HTTP location for the videos that Roku will stream.

Is there a standard or recommended way of securing that HTTP location so that people who somehow obtain it won't be able to access the video content without paying?

Thanks in advance to all for any thoughts/info.

If your concern is ROKU users gaining access to the physical url, it is not possible. There are options to limit the length of video playback on as many items as you choose. See content meta data. 
Server side that is another thing. 
You need to make sure you have security measures in place, such as restricting directories via htaccess on the server, password encrypt directories or use Allow Cross Origin Sharing headers and allow only your domain name or IP as the only site who can share the file and then by putting Origin headers with your domain/ip from the location that serves the file. 
Basically that means YOU request the file with your Origin headers to the location of the file that has CORS enabled to you as the Origin that can share the file.
Hope that makes sense.
0 Kudos