This topic describes the methods that you can use to play videos. This topic also describes how to play videos.

Playback methods

  • Play videos based on their playback URLs
    • Scenario: Videos transcoded by ApsaraVideo Media Processing (MPS) have specific output URLs. To play a transcoded video, you can directly pass its Object Storage Service (OSS) URL or Content Delivery Network (CDN) URL to ApsaraVideo Player SDK.
    • Advantage: The server generates playback URLs so that the client can directly use the URLs to play videos.
    • Disadvantage: The server needs to implement OSS authentication or CDN authentication and use domain names to concatenate playback URLs. In addition, neither automatic nor manual resolution switching can be implemented on the client.
  • Play videos based on their media IDs
    • Advantage: In media workflows, each input media file is uniquely specified by a media ID. You can associate multiple output formats and resolutions with a media ID. This way, if you play a media file based on its media ID, you can play the media file in different formats and automatically switch between resolutions.
    • Playback method: Use Security Token Service (STS) of Resource Access Management (RAM) to play videos based on their media IDs. STS does not use the permissions of your Alibaba Cloud account. Instead, STS allows you to grant limited permissions with specific validity periods to RAM users or RAM roles. This prevents permission abuses and data leaks.
    Note
    • You must play encrypted videos based on their media IDs to ensure security. HTML5 players cannot play encrypted videos. We recommend that you use a Flash player to play encrypted videos on a web client.
    • You can use a media workflow to create a video-on-demand (VOD) file from a live stream. To play the VOD file, you can call the QueryMediaListByURL operation to query the media ID of the VOD file by specifying its URL in request parameters. For more information, see Transcoding SDKs.

Play videos based on their playback URLs

Implement OSS authentication or CDN authentication and use domain names to concatenate playback URLs on the server. Then, directly pass the OSS URL or CDN URL of the video to be played to ApsaraVideo Player SDK. For more information about authentication, see Playback authentication.

Play videos based on their media IDs

To play encrypted videos based on their media IDs, you must use STS of RAM. For more information about STS, see STS.

To encrypt a video, perform the following operations:

  1. Construct a token issuance service to generate the MtsHlsUriToken parameter.
    Notice The token issuance service is used to generate the MtsHlsUriToken parameter.
  2. Call the KMS decryption operation to construct a decryption service and return the DK to the player.
    Notice After you call a KMS operation to receive the Base64-encoded DK from KMS, you must decode the DK by using the Base64 algorithm and return the decoded DK to the player.
  3. Call the QueryMediaList operation of MPS to query the OSS URL of the M3U8 file, add the MtsHlsUriToken parameter to the OSS URL, and then return the OSS URL to the player.
  4. The player uses the MtsHlsUriToken parameter and the DK to require the streaming URL of the video from Alibaba Cloud CDN. Then, Alibaba Cloud CDN modifies the M3U8 file and returns the key URI and EDK to the player. Then, the player decrypts and plays the video.

STS

  1. To use STS, you must attach required policies to a RAM role when you authorize a RAM user. For more information, see Create a RAM user and grant permissions to the RAM user.

  2. After you create and authorize the RAM user, request a security token. For more information, see Request a security token. For more information about the sample code for STS SDKs for different programming languages, see STS SDK for Java, STS SDK for .NET, STS SDK for Python, STS SDK for Node.js, and STS SDK for Go.

Playback authentication

The following table describes the parameters of ApsaraVideo Player SDK.
Parameter Description Type Required
vid The media ID. String Yes
source The playback URL. String Yes
accId The AccessKey ID used to request a security token. String Yes
accSecret The AccessKey secret used to request a security token. String Yes
stsToken The security token. String Yes
domainRegion The region of the media workflow, such as China (Shanghai) or China (Hangzhou). String Yes
authInfo The authentication information. The value is a JSON string. For more information about the content of the JSON string, see the following description. String Yes
The value of the authInfo parameter is a JSON string that contains three arguments:
  • ExpireTime: the time when the authentication expires. When you obtain the playback URL of the specified video, make sure that the authentication is valid. Otherwise, you cannot play the video. The time is displayed in UTC. Non-UTC time must be converted into UTC. Specify the time in the ISO 8601 standard in the yyyy-MM-ddTHH:mm:ssZ format, for example, 2021-03-25T23:59:59Z.
  • MediaId: the media ID of the media file processed by MPS.
  • Signature: the authentication signature used to filter forged requests.
    To calculate a signature, perform the following steps:
    • Set parameters in key-value pairs.
      ExpireTime="2017-03-25T23:59:59Z"
        MediaId="5aa0276ff6204ace950f75acf9e6187b"
    • Create a signature string.

      Concatenate the key-value pairs in alphabetical order with ampersands (&) to create a signature string. Note that values must be URL-encoded.

      ExpireTime=2017-03-25T23%3A59%3A59Z&MediaId=5aa0276ff6204ace950f75acf9e6187b
    • Calculate the signature.

      Calculate the HMAC_SHA1 value in binary of the preceding signature string and encode the HMAC_SHA1 value in the Base64 format.

      In UNIX-like systems, you can run the base64 command of OpenSSL to encode the calculated HMAC_SHA1 value into the Base64 format. If the authentication key is secret, you can run the following command to calculate the signature:
      $echo -n 'ExpireTime=2017-03-25T23%3A59%3A59Z&MediaId=5aa0276ff6204ace950f75acf9e6****' | openssl sha1 -binary -hmac 'secret' | base64
        z7mmSRuTXo4mydiWhRtbu8JKDpM=
    • Generate the signature.
      {
          "ExpireTime":"2017-03-25T23:59:59Z",
          "MediaId":"5aa0276ff6204ace950f75acf9e6****",
          "Signature":"z7mmSRuTXo4mydiWhRtbu8JKDpM="
        }

Player

MPS Player is integrated with ApsaraVideo Player. For more information, see Overview.
Note You can upgrade to ApsaraVideo Player Pro as required.