ApsaraVideo Live allows you to configure a stream ingest callback URL and authenticate the callback URL. This helps prevent live streaming exceptions that are caused by unauthorized access. This topic describes how to configure a stream ingest callback URL and how to authenticate the callback URL.
Procedure
If you want to receive callback messages related to stream ingest, perform the following steps to configure a stream ingest callback URL and authenticate the callback URL.
For more information about the callback logic and callback authentication, see Callback logic and Callback authentication.
Log on to the ApsaraVideo Live console.
In the left-side navigation pane, click Domain Names. The Domain Management page appears.
Find the ingest domain that you want to configure and click Domain Settings in the Actions column.
Choose . On the page that appears, click the Stream Ingest Information tab.
Click the Edit icon next to Callback URL. The Configure Callback URL dialog box appears.
In the dialog box, configure the settings.
Specify a stream ingest callback URL.
Select whether to enable authentication for the callback URL.
If you require authentication, turn on Authentication, specify Cryptographic Key, and then click OK.
If you do not require authentication, simply click OK.
Callback logic
Callback logic for the publish status in ingest and disconnection callbacks
For RTMP stream ingest, if the ingest client does not disconnect within 2 seconds after the ApsaraVideo Live service receives an On Publish message, ApsaraVideo Live sends a callback to indicate a successful ingest.
If you have an ingest domain A and a streaming domain B, and you want to receive callbacks for stream pulling on domain B (scheduled or triggered back-to-origin pulling), you must configure an Ingest Callback for domain A. After the configuration, the callback logic for stream pulling on domain B is the same as described in the preceding item. A successful connection is assumed if the stream is not actively disconnected within 2 seconds after the connection is established.
In addition to using callback notifications to determine whether stream ingest and stream pulling are successful, we recommend that you also use the Query the list of active streams for a domain API to verify that stream ingest is successful before you distribute the live stream playback URL.
If no streaming data is pushed to the live center for 10 seconds, the ApsaraVideo Live service automatically disconnects the stream ingest.
Callback authentication
By default, authentication for stream ingest callbacks is disabled. You can enable the feature when you specify the stream ingest callback URL. After you enable the feature, the following authentication logic applies:
When ApsaraVideo Live initiates a callback request, it includes the
ALI-LIVE-TIMESTAMPandALI-LIVE-SIGNATUREheaders in the HTTP or HTTPS request so that the callback message receiving server can authenticate the signature. The value ofALI-LIVE-SIGNATUREis calculated based on the following formula:ALI-LIVE-SIGNATURE = MD5SUM (MD5CONTENT)MD5CONTENT = Domain name|ALI-LIVE-TIMESTAMP value|Cryptographic keyNoteDomain name is the ingest domain for which you configure the callback URL.
Cryptographic key is the key that you configure for the callback URL.
Request header names are case-insensitive.
After receiving a callback message, the callback message receiving server concatenates the domain name of the callback, value of the
ALI-LIVE-TIMESTAMPheader, and cryptographic key in the preceding format. The server calculates the MD5 value of the string to obtain an encrypted string. Then, the server compares the encrypted string with the value of theALI-LIVE-SIGNATUREheader in the HTTP or HTTPS request initiated by ApsaraVideo Live. If the two values are different, the request is invalid.