This topic describes how to play an encrypted video and the relevant configurations.

Video encryption

ApsaraVideo VOD provides a complete set of security mechanisms to protect videos from hotlinking and illegal download or distribution. The security mechanisms include access control, URL signing by ApsaraVideo VOD, reauthentication by the customer, video encryption, and secure download.

For more information about the security mechanisms, see Overview. This topic describes how to play videos that are encrypted by using three encryption methods. The following table describes the three methods that can be used to encrypt a video.
Security mechanism Security measure Feature Security level Deployment complexity
Video encryption Alibaba Cloud proprietary cryptography ApsaraVideo VOD provides a cloud-device integrated solution to encrypt videos. The solution uses a proprietary cryptography algorithm to ensure the security of transmission links. High Relatively low. You need to only perform simple configurations and integrate ApsaraVideo Player SDK.
HTTP-Live-Streaming (HLS) encryption HLS encryption uses AES-128 to encrypt video content and supports all HLS-compatible players. However, the keys are prone to theft. Relatively high High. You must construct a key management service and a token issuance service. You must also ensure the security of transmission links.
Commercial digital rights management (DRM) Platforms such as Apple FairPlay and Google Widevine provide native support for DRM. DRM provides high security and meets the requirements of large copyrighted content providers. High High. You are charged based on the number of license calls. You need to only integrate ApsaraVideo Player SDK.

Alibaba Cloud proprietary cryptography

Introduction

Alibaba Cloud proprietary cryptography encrypts video data. Video files that are downloaded to an on-premises device are encrypted. This prevents unauthorized redistribution, video leakage, and hotlinking. For more information about the mechanism and benefits of Alibaba Cloud proprietary cryptography, see Alibaba Cloud proprietary cryptography.

Notice Videos that are encrypted by using Alibaba Cloud proprietary cryptography can be exported only in the HLS format and played only by using ApsaraVideo Player SDK.

Configure Alibaba Cloud proprietary cryptography

For more information, see Alibaba Cloud proprietary cryptography.

Play a video that is encrypted by using Alibaba Cloud proprietary cryptography

You can use only ApsaraVideo Player SDK to play a video that is encrypted by using Alibaba Cloud proprietary cryptography.

ApsaraVideo Player SDK integrates the logic of player decryption and the logic of client-server interaction. To play a video that is encrypted by using Alibaba Cloud proprietary cryptography, you need to only configure encrypted transcoding and integrate ApsaraVideo Player SDK without extra costs.

Use ApsaraVideo Player SDK for web

You can embed ApsaraVideo Player SDK for web into a web page that is not opened on an iOS client. ApsaraVideo Player SDK for web supports playback for on-demand videos that are encrypted by using Alibaba Cloud proprietary cryptography. We recommend that you use a VidAuth playback source to play on-demand videos that are encrypted by using Alibaba Cloud proprietary cryptography. In addition, ApsaraVideo Player SDK for web supports playback for live streams that are encrypted by using Alibaba Cloud proprietary cryptography. You can use a UrlSource playback source to play live streams that are encrypted by using Alibaba Cloud proprietary cryptography. Sample code:

You must set the encryptType parameter to 1 if you use a VidAuth playback source to play an on-demand video that is encrypted by using Alibaba Cloud proprietary cryptography. This setting is not required if you play an unencrypted video. After you set the encryptType parameter to 1, Alibaba Cloud proprietary cryptography is enabled.

Sample code

<!DOCTYPE html>
  <html>
      <head>
       <meta charset="UTF-8">
       <meta name="viewport" content="width=device-width, height=device-height, initial-scale=1, maximum-scale=1, minimum-scale=1, user-scalable=no" />
       <title>Demo for the playback of an on-demand video that is encrypted by using Alibaba Cloud proprietary cryptography</title>
       <link rel="stylesheet" href="https://g.alicdn.com/de/prismplayer/2.9.19/skins/default/aliplayer-min.css" />
       <script charset="utf-8" type="text/javascript" src="https://g.alicdn.com/de/prismplayer/2.9.19/aliplayer-min.js"></script>
      </head>
      <body>
          <div class="prism-player" id="J_prismPlayer"></div>
          <script>
              var player = new Aliplayer({
                id: 'J_prismPlayer',
                width: '100%',
                vid : '<Video ID>',// Required. You can log on to the ApsaraVideo VOD console and choose Media Files > Audio/Video to obtain the video ID. Example: 1e067a2831b641db90d570b6480f****. 
                playauth : '<Playback credential>',// Required. You can call the GetVideoPlayAuth operation to obtain the playback credential. 
                encryptType:1, // Set this parameter to 1 if Alibaba Cloud proprietary cryptography is used to encrypt the video. Otherwise, do not set this parameter. 
              },function(player){
                console.log('The player is created.')
             });
          </script>
      </body>
  </html>

You can use a UrlSource playback source to play a live stream that is encrypted by using Alibaba Cloud proprietary cryptography in the same way as playing an unencrypted video. You do not need to set additional parameters if you use a UrlSource playback source to play a live stream that is encrypted by using Alibaba Cloud proprietary cryptography.

Sample code

<!DOCTYPE html>
 <html>
     <head>
      <meta charset="UTF-8">
      <meta name="viewport" content="width=device-width, height=device-height, initial-scale=1, maximum-scale=1, minimum-scale=1, user-scalable=no" />
      <title>Demo for the playback of a live stream that is encrypted by using Alibaba Cloud proprietary cryptography</title>
      <link rel="stylesheet" href="https://g.alicdn.com/de/prismplayer/2.9.19/skins/default/aliplayer-min.css" />
      <script charset="utf-8" type="text/javascript" src="https://g.alicdn.com/de/prismplayer/2.9.19/aliplayer-min.js"></script>
     </head>
     <body>
         <div class="prism-player" id="J_prismPlayer"></div>
         <script>
             var player = new Aliplayer({
               id: 'J_prismPlayer',
               width: '100%',
               isLive: true, // Set this parameter to true for the playback of live streams. 
               source: '<Streaming URL>',// Required. The streaming URL that is encrypted by using Alibaba Cloud proprietary cryptography. 
             },function(player){
               console.log('The player is created.')
            });
         </script>
     </body>
 </html>

Use ApsaraVideo Player SDK for Android

You can integrate ApsaraVideo Player SDK for Android with your application. ApsaraVideo Player SDK for Android supports playback for on-demand videos that are encrypted by using Alibaba Cloud proprietary cryptography. You can use a VidAuth, VidSts, or VidMps playback source to play on-demand videos that are encrypted by using Alibaba Cloud proprietary cryptography. We recommend that you use a VidAuth playback source. In addition, ApsaraVideo Player SDK for Android supports playback for live streams that are encrypted by using Alibaba Cloud proprietary cryptography. You can use a UrlSource playback source to play live streams that are encrypted by using Alibaba Cloud proprietary cryptography. The following content describes how to use ApsaraVideo Player SDK for Android for playback and provides sample code.

  1. Integrate ApsaraVideo Player SDK for Android.
    For more information about how to integrate ApsaraVideo Player SDK for Android, see Integration.
  2. Create a player for playback.
    For more information about how to create a player, see Play a video. In the 3. Configure a playback source. step, configure a playback source by using one of the following methods based on your business requirements.

    You must set the video encryption method returned by the server to AliyunVodEncryption if you use a VidAuth playback source to play an on-demand video that is encrypted by using Alibaba Cloud proprietary cryptography. This setting is not required if you play an unencrypted video.

    Sample code

    VidAuth vidAuth = new VidAuth();
    VidPlayerConfigGen vidPlayerConfigGen = new VidPlayerConfigGen();
    vidPlayerConfigGen.setEncryptType(VidPlayerConfigGen.EncryptType.AliyunVodEncryption);
    vidAuth.setPlayConfig(vidPlayerConfigGen);
    vidAuth.setVid("Video ID"); // The video ID.
            vidAuth.setPlayAuth("Playback credential"); // The playback credential.
            vidAuth.setRegion("Access region"); // The ID of the region from which you want to access ApsaraVideo VOD. Default value: cn-shanghai.
            aliPlayer.setDataSource(vidAuth);

    You must set the video encryption method returned by the server to AliyunVodEncryption if you use a VidSts playback source to play an on-demand video that is encrypted by using Alibaba Cloud proprietary cryptography. This setting is not required if you play an unencrypted video.

    Sample code

    VidSts vidSts = new VidSts();
    VidPlayerConfigGen vidPlayerConfigGen = new VidPlayerConfigGen();
    vidPlayerConfigGen.setEncryptType(VidPlayerConfigGen.EncryptType.AliyunVodEncryption);
    vidSts.setPlayConfig(vidPlayerConfigGen);
    vidSts.setVid("Video ID"); // The video ID.
            vidSts.setAccessKeyId("<Your AccessKey ID>"); // The AccessKey ID used for authentication.
            vidSts.setAccessKeySecret("<Your AccessKey secret>"); // The AccessKey secret used for authentication.
            vidSts.setSecurityToken("<Your security token>"); // The security token.
            vidSts.setRegion("Access region"); // The ID of the region from which you want to access ApsaraVideo VOD. Default value: cn-shanghai.
            aliPlayer.setDataSource(vidSts);

    You can use VidMps sources for playback if you use the ApsaraVideo Media Processing (MPS) service. For more information, see Play videos.

    You must set the video encryption method returned by the server to AliyunVodEncryption if you use a VidMps playback source to play an on-demand video that is encrypted by using Alibaba Cloud proprietary cryptography. This setting is not required if you play an unencrypted video.

    Sample code

    VidMps vidMps = new VidMps();
    VidPlayerConfigGen vidPlayerConfigGen = new VidPlayerConfigGen();
    vidPlayerConfigGen.setEncryptType(VidPlayerConfigGen.EncryptType.AliyunVodEncryption);
    vidMps.setPlayConfig(vidPlayerConfigGen);
    vidMps.setRegion("Access region");// The region in which the media asset resides.
            vidMps.setMediaId("Media ID");// The ID of the media asset in MPS.
            vidMps.setAuthInfo("Authentication information");// The authentication information.
            vidMps.setAccessKeyId("<Your AccessKey ID>");// The AccessKey ID that is issued together with the Security Token Service (STS) token.
            vidMps.setSecurityToken("<Your security token>");// The security token.
            vidMps.setPlayDomain("Domain name for playback");// The domain name for playback.
            vidMps.setHlsUriToken("HlsUriToken");// The HlsUriToken.
            vidMps.setAccessKeySecret("<Your AccessKey secret>");// The AccessKey secret that is issued together with the STS token.
            aliPlayer.setDataSource(vidMps);

    You can use a UrlSource playback source to play a live stream that is encrypted by using Alibaba Cloud proprietary cryptography in the same way as playing an unencrypted video. You do not need to set additional parameters if you use a UrlSource playback source to play a live stream that is encrypted by using Alibaba Cloud proprietary cryptography.

    Sample code

    UrlSource urlSource = new UrlSource();
            urlSource.setUri("Streaming URL");// Required. The streaming URL that is encrypted by using Alibaba Cloud proprietary cryptography. 
            aliPlayer.setDataSource(urlSource);

Use ApsaraVideo Player SDK for iOS

You can integrate ApsaraVideo Player SDK for iOS with your application. ApsaraVideo Player SDK for iOS supports playback for on-demand videos that are encrypted by using Alibaba Cloud proprietary cryptography. You can use a UrlSource, VidAuth, VidSts, or VidMps playback source to play on-demand videos that are encrypted by using Alibaba Cloud proprietary cryptography. We recommend that you use a VidAuth playback source. In addition, ApsaraVideo Player SDK for iOS supports playback for live streams that are encrypted by using Alibaba Cloud proprietary cryptography. You can use a UrlSource playback source to play live streams that are encrypted by using Alibaba Cloud proprietary cryptography. The following content describes how to use ApsaraVideo Player SDK for iOS for playback and provides sample code.

  1. Integrate ApsaraVideo Player SDK for iOS.
    For more information about how to integrate ApsaraVideo Player SDK for iOS, see Integration.
  2. Create a player for playback.
    You can play an on-demand video or a live stream that is encrypted by using Alibaba Cloud proprietary cryptography in the same way as playing an unencrypted video. You do not need to set additional parameters if you play an on-demand video or a live stream that is encrypted by using Alibaba Cloud proprietary cryptography. For more information, see Play a video.

HLS encryption

Introduction

HLS encryption supports common encryption solutions that are specified in HLS. HLS encryption uses AES-128 to encrypt video content and supports all HLS-compatible players. You can use a self-developed player or an open source player to play HLS-encrypted videos. Compared with Alibaba Cloud proprietary cryptography, HLS encryption is more flexible but is difficult to use and less secure.

For more information about the mechanism and limits of HLS encryption, see HLS encryption.

Configure HLS encryption

For more information about how to configure HLS encryption, see HLS encryption.

Play an HLS-encrypted video

HLS encryption supports all HLS-compatible players. You can use a self-developed player or an open source player to play HLS-encrypted videos.

The following content describes how to play an HLS-encrypted video. ApsaraVideo Player SDK is used in the example. ApsaraVideo Player supports the transmission of the user token. Alibaba Cloud CDN dynamically modifies the decryption URI in the .m3u8 file. The decryption URI contains the user token. Then, you can verify the user token.

Use ApsaraVideo Player SDK for web

You can embed ApsaraVideo Player SDK for web into a web page. ApsaraVideo Player SDK for web supports playback for HLS-encrypted on-demand videos. You can use a UrlSource, VidAuth, VidSts, or VidMps playback source to play HLS-encrypted on-demand videos. In addition, ApsaraVideo Player SDK for web supports playback for HLS-encrypted live streams. You can use a UrlSource playback source to play HLS-encrypted live streams.

You can play an HLS-encrypted on-demand video or live stream in the same way as playing an unencrypted video. You do not need to set additional parameters if you play an HLS-encrypted on-demand video or live stream. For more information, see Quick integration.

Use ApsaraVideo Player SDK for Android

You can integrate ApsaraVideo Player SDK for Android with your application. ApsaraVideo Player SDK for Android supports playback for HLS-encrypted on-demand videos by using a VidAuth, VidSts, or VidMps playback source. In addition, ApsaraVideo Player SDK for Android supports playback for HLS-encrypted live streams by using a UrlSource playback source. The following content describes how to use ApsaraVideo Player SDK for Android for playback and provides sample code.

  1. Integrate ApsaraVideo Player SDK for Android.
    For more information about how to integrate ApsaraVideo Player SDK for Android, see Integration.
  2. Create a player for playback.
    For more information about how to create a player, see Play a video. In the 3. Configure a playback source. step, configure a playback source by using one of the following methods based on your business requirements.

    The following sample code provides an example on how to set the parameters if you use a VidAuth playback source to play an HLS-encrypted video.

    Sample code

    VidAuth vidAuth = new VidAuth();
    VidPlayerConfigGen playerConfig = new VidPlayerConfigGen();
    VidPlayerConfigGen.setEncryptType(VidPlayerConfigGen.EncryptType.HLSEncryption);// Optional. If you set this parameter to HLSEncryption, HLS-encrypted videos are returned. If you do not set this parameter, unencrypted videos and HLS-encrypted videos are returned. 
    playerConfig.setMtsHlsUriToken("User token");// Required. The user token. 
    vidAuth.setPlayConfig(playerConfig);
    vidAuth.setVid("Video ID");// Required. The video ID. 
    vidAuth.setPlayAuth("Playback credential"); // Required. The playback credential. 
    vidAuth.setRegion("Access region"); // Required. The ID of the region from which you want to access ApsaraVideo VOD. Default value: cn-shanghai. 
    aliPlayer.setDataSource(vidAuth);

    The following sample code provides an example on how to set the parameters if you use a VidSts playback source to play an HLS-encrypted video.

    Sample code

    VidSts vidSts = new VidSts();
    VidPlayerConfigGen playerConfig = new VidPlayerConfigGen();
    VidPlayerConfigGen.setEncryptType(VidPlayerConfigGen.EncryptType.HLSEncryption);// Optional. If you set this parameter to HLSEncryption, HLS-encrypted videos are returned. If you do not set this parameter, unencrypted videos and HLS-encrypted videos are returned. 
    playerConfig.setMtsHlsUriToken("User token");// Required. The user token. 
    vidSts.setPlayConfig(playerConfig);
    vidSts.setVid("Video ID"); // Required. The video ID. 
    vidSts.setAccessKeyId("<Your AccessKey ID>"); // Required. The AccessKey ID used for authentication. 
    vidSts.setAccessKeySecret("<Your AccessKey secret>"); // Required. The AccessKey secret used for authentication. 
    vidSts.setSecurityToken("<Your security token>"); // Required. The security token. 
    vidSts.setRegion("Access region"); // Required. The ID of the region from which you want to access ApsaraVideo VOD. Default value: cn-shanghai. 
    aliPlayer.setDataSource(vidSts);

    You can use VidMps sources for playback if you use the MPS service. For more information, see Play videos.

    The following sample code provides an example on how to set the parameters if you use a VidMps playback source to play an HLS-encrypted video.

    Sample code

    VidMps vidMps = new VidMps();
    VidPlayerConfigGen vidPlayerConfigGen = new VidPlayerConfigGen();
    vidPlayerConfigGen.setEncryptType(VidPlayerConfigGen.EncryptType.HLSEncryption);// Optional. If you set this parameter to HLSEncryption, HLS-encrypted videos are returned. If you do not set this parameter, unencrypted videos and HLS-encrypted videos are returned. 
    vidMps.setPlayConfig(vidPlayerConfigGen);
    vidMps.setRegion("Access region");// Required. The ID of the region in which the media asset resides. 
    vidMps.setMediaId("Media ID");// Required. The ID of the media asset in MPS. 
    vidMps.setAuthInfo("Authentication information");// Required. The authentication information. 
    vidMps.setAccessKeyId("<Your AccessKey ID>");// Required. The AccessKey ID that is issued together with the STS token. 
    vidMps.setSecurityToken("<Your security token>");// Required. The security token. 
    vidMps.setPlayDomain("Domain name for playback");// Required. The domain name for playback. 
    vidMps.setHlsUriToken("HlsUriToken");// Required. The HlsUriToken. 
    vidMps.setAccessKeySecret("<Your AccessKey secret>");// Required. The AccessKey secret that is issued together with the STS token. 
    aliPlayer.setDataSource(vidMps);

    You can use a UrlSource playback source to play an HLS-encrypted live stream in the same way as playing an unencrypted video. You do not need to set additional parameters if you use a UrlSource playback source to play an HLS-encrypted live stream.

    Sample code

    UrlSource urlSource = new UrlSource();
            urlSource.setUri("Streaming URL");// Required. The HLS-encrypted streaming URL. 
            aliPlayer.setDataSource(urlSource);

Use ApsaraVideo Player SDK for iOS

You can integrate ApsaraVideo Player SDK for iOS with your application. ApsaraVideo Player SDK for iOS supports playback for HLS-encrypted on-demand videos by using a VidAuth, VidSts, or VidMps playback source. In addition, ApsaraVideo Player SDK for iOS supports playback for HLS-encrypted live streams by using a UrlSource playback source. The following content describes how to use ApsaraVideo Player SDK for iOS for playback and provides sample code.

  1. Integrate ApsaraVideo Player SDK for iOS.
    For more information about how to integrate ApsaraVideo Player SDK for iOS, see Integration.
  2. Create a player for playback.
    For more information about how to create a player, see Play a video. In the 3. Configure a playback source. step, configure a playback source by using one of the following methods based on your business requirements.

    The following sample code provides an example on how to set the parameters if you use a VidAuth playback source to play an HLS-encrypted video.

    Sample code

    Use AVPVidAuthSource to set the playConfig parameter, which includes the mtsHlsUriToken parameter.

    - (instancetype)initWithVid:(NSString *)vid
            playAuth:(NSString *)playAuth
              region:(NSString *)region
              playConfig:(NSString *)playConfig;
    - (void)setAuthSource:(AVPVidAuthSource*)source;

    Generate the playConfig parameter: Use the setHlsUriToken parameter in the VidPlayerConfigGenerator class to set the token. Then, you can call the generatePlayerConfig method to generate the playConfig parameter.

    -(void) setHlsUriToken:(NSString*)MtsHlsUriToken;
    -(NSString*) generatePlayerConfig;

    The following sample code provides an example on how to set the parameters if you use a VidSts playback source to play an HLS-encrypted video.

    Sample code

    Use AVPVidAuthSource to set the playConfig parameter, which includes the mtsHlsUriToken parameter.

    - (instancetype)initWithVid:(NSString *)vid
                    accessKeyId:(NSString *)accessKeyId
                accessKeySecret:(NSString *)accessKeySecret
                  securityToken:(NSString *)securityToken
                         region:(NSString *)region
                    playConfig:(NSString *)playConfig;
    - (void)setStsSource:(AVPVidStsSource*)source;

    Generate the playConfig parameter: Use the setHlsUriToken parameter in the VidPlayerConfigGenerator class to set the token. Then, you can call the generatePlayerConfig method to generate the playConfig parameter.

    -(void) setHlsUriToken:(NSString*)MtsHlsUriToken;
    -(NSString*) generatePlayerConfig;

    You can use VidMps sources for playback if you use the MPS service. For more information, see Play videos.

    The following sample code provides an example on how to set the parameters if you use a VidMps playback source to play an HLS-encrypted video.

    Sample code

    - (instancetype)initWithVid:(NSString*)vid
                     accId:(NSString *)accId
                 accSecret:(NSString*)accSecret
                  stsToken:(NSString*)stsToken
                  authInfo:(NSString*)authInfo
                    region:(NSString*)region
                playDomain:(NSString*)playDomain
            mtsHlsUriToken:(NSString*)mtsHlsUriToken;
    - (void)setMpsSource:(AVPVidMpsSource*)source;

    You can use a UrlSource playback source to play an HLS-encrypted live stream in the same way as playing an unencrypted video. You do not need to set additional parameters if you use a UrlSource playback source to play an HLS-encrypted live stream.

    Sample code

    AVPUrlSource *urlSource = [[AVPUrlSource alloc] urlWithString:url]; // Required. The HLS-encrypted streaming URL. 
    [self.player setUrlSource:urlSource];

DRM encryption

Introduction

ApsaraVideo VOD supports DRM encryption technologies that are widely used in the industry. You can add and manage DRM certificates and enable DRM encryption in the ApsaraVideo VOD console to protect the security of your copyrighted video content. Widevine and Fairplay DRM encryption are supported.

For more information about the benefits and architecture of DRM encryption, see Introduction.

Configure DRM encryption

You can enable this feature only in the ApsaraVideo VOD console. For more information, see Enable DRM encryption.

Play a DRM-encrypted video

You can use only ApsaraVideo Player SDK to play a DRM-encrypted video.

Use ApsaraVideo Player SDK for web

You can embed ApsaraVideo Player SDK for web into a web page. ApsaraVideo Player SDK for web supports playback for DRM-encrypted on-demand videos. You can use a VidSts playback source to play DRM-encrypted on-demand videos. In addition, ApsaraVideo Player SDK for web supports playback for DRM-encrypted live streams. You can use a UrlSource playback source to play DRM-encrypted live streams. Sample code:

You must set the isDrm parameter to true if you use a VidSts playback source to play a DRM-encrypted on-demand video. This setting is not required if you play an unencrypted video. After you set the isDrm parameter to true, DRM encryption is enabled.

Sample code

<!DOCTYPE html>
 <html>
     <head>
      <meta charset="UTF-8">
      <meta name="viewport" content="width=device-width, height=device-height, initial-scale=1, maximum-scale=1, minimum-scale=1, user-scalable=no" />
      <title>Demo for the playback of a DRM-encrypted on-demand video</title>
      <link rel="stylesheet" href="https://g.alicdn.com/de/prismplayer/2.9.19/skins/default/aliplayer-min.css" />
      <script charset="utf-8" type="text/javascript" src="https://g.alicdn.com/de/prismplayer/2.9.19/aliplayer-min.js"></script>
     </head>
     <body>
         <div class="prism-player" id="J_prismPlayer"></div>
         <script>
             var player = new Aliplayer({
               id: 'J_prismPlayer',
               width: '100%',
               isDrm: true,
               vid: '<Video ID>',// Required. You can log on to the ApsaraVideo VOD console and choose Media Files > Audio/Video to obtain the video ID. Example: 1e067a2831b641db90d570b6480f****. 
               accessKeyId: '<Your AccessKey ID>',// Required. You can log on to the Resource Access Management (RAM) console, go to the AccessKey Pair page, and then create an AccessKey pair or view the AccessKey secret of an existing AccessKey ID. 
               securityToken: '<Your STS token>',// Required. The temporary playback credential. You must obtain the temporary STS token before you play a video. For more information, see Create a role and grant temporary access permissions to the role by using STS. 
               accessKeySecret: '<Your AccessKey secret>',// Required. You can log on to the RAM console, go to the AccessKey Pair page, and then create an AccessKey pair or view the AccessKey secret of an existing AccessKey ID. 
               region: '<Region ID of the media asset>', // Required. The ID of the region in which the media asset resides, such as cn-shanghai, eu-central-1, or ap-southeast-1. 
               certId: '<Your certificate ID>', // Required only if you want to play the video on an Apple device. This parameter is used to request an Apple certificate. You can obtain the value of this parameter in the ApsaraVideo VOD console or the ApsaraVideo Live console based on how DRM encryption is performed. 
             },function(player){
               console.log('The player is created.')
            });
         </script>
     </body>
 </html>

If you use UrlSource for the playback of a DRM-encrypted live stream, you must specify the streaming URL and STS token.

Sample code

<!DOCTYPE html>
 <html>
     <head>
      <meta charset="UTF-8">
      <meta name="viewport" content="width=device-width, height=device-height, initial-scale=1, maximum-scale=1, minimum-scale=1, user-scalable=no" />
      <title>Demo for the playback of a DRM-encrypted live stream</title>
      <link rel="stylesheet" href="https://g.alicdn.com/de/prismplayer/2.9.19/skins/default/aliplayer-min.css" />
      <script charset="utf-8" type="text/javascript" src="https://g.alicdn.com/de/prismplayer/2.9.19/aliplayer-min.js"></script>
     </head>
     <body>
         <div class="prism-player" id="J_prismPlayer"></div>
         <script>
             var player = new Aliplayer({
               id: 'J_prismPlayer',
               width: '100%',
               isLive: true, // Set this parameter to true for the playback of live streams. 
               isDrm: true,
               source: '<Streaming URL>',// Required. The DRM-encrypted streaming URL. 
               accessKeyId: '<Your AccessKey ID>',// Required. You can log on to the RAM console, go to the AccessKey Pair page, and then create an AccessKey pair or view the AccessKey secret of an existing AccessKey ID. 
               securityToken: '<Your STS token>',// Required. The temporary playback credential. You must obtain the temporary STS token before you play a video. For more information, see Create a role and grant temporary access permissions to the role by using STS. 
               accessKeySecret: '<Your AccessKey secret>',// Required. You can log on to the RAM console, go to the AccessKey Pair page, and then create an AccessKey pair or view the AccessKey secret of an existing AccessKey ID. 
               region: '<Region ID of the media asset>', // Required. The ID of the region in which the media asset resides, such as cn-shanghai, eu-central-1, or ap-southeast-1. 
               certId: '<Your certificate ID>', // Required only if you want to play the video on an Apple device. This parameter is used to request an Apple certificate. You can obtain the value of this parameter in the ApsaraVideo VOD console or the ApsaraVideo Live console based on how DRM encryption is performed. 
             },function(player){
               console.log('The player is created.')
            });
         </script>
     </body>
 </html>

Use ApsaraVideo Player SDK for Android

You can integrate ApsaraVideo Player SDK for Android with your application. ApsaraVideo Player SDK for Android supports playback for DRM-encrypted on-demand videos by using a VidSts playback source. In addition, ApsaraVideo Player SDK for Android supports playback for DRM-encrypted live streams by using a UrlSource playback source. The following content describes how to use ApsaraVideo Player SDK for Android for playback and provides sample code.

  1. Integrate ApsaraVideo Player SDK for Android.
    For more information about how to integrate ApsaraVideo Player SDK for Android, see Integration.
  2. Create a player for playback.
    For more information about how to create a player, see Play a video. In the 3. Configure a playback source. step, configure a playback source by using one of the following methods based on your business requirements.

    You can use a VidSts playback source to play a DRM-encrypted on-demand video in the same way as playing an unencrypted video. You do not need to set additional parameters if you use a VidSts playback source to play a DRM-encrypted on-demand video.

    Sample code

    VidSts vidSts = new VidSts();
            vidSts.setVid("Video ID"); // The video ID.
            vidSts.setAccessKeyId("<Your AccessKey ID>"); // The AccessKey ID used for authentication.
            vidSts.setAccessKeySecret("<Your AccessKey secret>"); // The AccessKey secret used for authentication.
            vidSts.setSecurityToken("<Your security token>"); // The security token.
            vidSts.setRegion("Access region"); // The ID of the region from which you want to access ApsaraVideo VOD. Default value: cn-shanghai.
            aliPlayer.setDataSource(vidSts);

    You must specify the streaming URL and STS token for the playback of a DRM-encrypted live stream by using a UrlSource playback source.

    Sample code

    1. Create a playback source. You must specify AVPLiveStsSource as the playback source.

    // Create the AVPLiveStsSource playback source.
     LiveSts liveSts = new LiveSts();
     liveSts.setUrl("The URL of the encrypted live stream");
     liveSts.setAccessKeyId("The temporary AccessKey ID");
     liveSts.setAccessKeySecret("The temporary AccessKey secret");
     liveSts.setSecurityToken("The security token");
     liveSts.setDomain("The name of the streaming domain");
     liveSts.setApp("The name of the application to which the live stream belongs");
     liveSts.setStream("The name of the live stream");
     // Configure the playback source.
     aliyunVodPlayer.setDataSource(liveSts);
     ......
     // Prepare for playback.
     aliyunVodPlayer.prepare();

    2. Check whether the STS token is valid. The encryption key may change during the playback of encrypted live streams. When the key is changed, the player requests the latest key from STS. You must check whether the STS token is valid. If the token is invalid, the playback of encrypted live streams is affected.

    mAliyunVodPlayer.setOnVerifyStsCallback(new IPlayer.OnVerifyStsCallback() {
        @Override
        public IPlayer.StsStatus onVerifySts(StsInfo info) {
            if (The token can be used) {
                return IPlayer.StsStatus.Valid;
            }
    
            if(A valid STS token can be obtained){
                Obtain STS(); // This operation can be synchronously or asynchronously performed. 
                return IPlayer.StsStatus.Pending;
            }
            // If the token is invalid and the latest STS token cannot be obtained, we recommend that you stop the playback to prevent screen flickers. 
            mAliyunVodPlayer.stop();
            return IPlayer.StsStatus.Invalid;
        }
    });

    Note: After you obtain a token, you must call the updateStsInfo method to update the STS token. If you fail to obtain the token, we recommend that you stop the playback. If you do not update the STS token, the player uses the expired STS token to obtain the encryption key. If the STS token becomes invalid, the screen may flicker or the playback may fail.

    mAliyunVodPlayer.updateStsInfo(stsInfo);

Use ApsaraVideo Player SDK for iOS

You can integrate ApsaraVideo Player SDK for iOS with your application. ApsaraVideo Player SDK for iOS supports playback for DRM-encrypted on-demand videos by using a VidSts playback source. In addition, ApsaraVideo Player SDK for iOS supports playback for DRM-encrypted live streams by using a UrlSource playback source. The following content describes how to use ApsaraVideo Player SDK for iOS for playback and provides sample code.

  1. Integrate ApsaraVideo Player SDK for iOS.
    For more information about how to integrate ApsaraVideo Player SDK for iOS, see Integration.
  2. Create a player for playback.
    For more information about how to create a player, see Play a video. In the 3. Configure a playback source. step, configure a playback source by using one of the following methods based on your business requirements.

    You can use a VidSts playback source to play a DRM-encrypted on-demand video in the same way as playing an unencrypted video. You do not need to set additional parameters if you use a VidSts playback source to play a DRM-encrypted on-demand video.

    Sample code

    AVPVidStsSource *source = [[AVPVidStsSource alloc] init];
        source.region = self."Region"; // The ID of the region from which you want to access ApsaraVideo VOD.
        source.vid = self."Vid"; // The video ID.
        source.securityToken = self."<Your security token>"; // The STS token.
        source.accessKeySecret = self."<Your AccessKey secret>"; // The AccessKey secret.
        source.accessKeyId = self."<Your AccessKey ID>"; // The AccessKey ID.
         // Configure the playback source.
        [self.player setStsSource:source]

    You must specify the streaming URL and STS token for the playback of a DRM-encrypted live stream by using a UrlSource playback source.

    Sample code

    1. Create a playback source. You must specify AVPLiveStsSource as the playback source.

    // Create the AVPLiveStsSource playback source.
    AVPLiveStsSource *liveStsSource = [[AVPLiveStsSource alloc] initWithUrl:@"The URL of the encrypted live stream." accessKeyId:@"The temporary AccessKey ID."accessKeySecret:@"The temporary AccessKey secret." securityToken:@"The security token." region:@"The access region." domain:@"The name of the streaming domain." app:@"The name of the application to which the live stream belongs." stream:@"The name of the live stream."];
     // Configure the playback source.
     [self.aliPlayer setLiveStsSource:liveStsSource];
     ......
     // Prepare for playback.
     [self.aliPlayer prepare];

    2. Check whether the STS token is valid. The encryption key may change during the playback of encrypted live streams. When the key is changed, the player requests the latest key from STS. You must check whether the STS token is valid. If the token is invalid, the playback of encrypted live streams is affected.

     __weak typeof(self) weakSelf = self;
    [self.aliPlayer setVerifyStsCallback:^AVPStsStatus(AVPStsInfo info) {
        if (The token can be used) {
            return Valid;
        }
        if(A valid STS token can be obtained){
            Obtain STS(); // This operation can be synchronously or asynchronously performed. 
            return Pending;
        }
        [weakSelf.aliPlayer stop];
        return Invalid;
    }];

    Note: After you obtain a token, you must call the updateLiveStsInfo method to update the STS token. If you fail to obtain the token, we recommend that you stop the playback. If you do not update the STS token, the player uses the expired STS token to obtain the encryption key. If the STS token becomes invalid, the screen may flicker or the playback may fail.

    [self.aliPlayer updateLiveStsInfo:self.liveStsSource.accessKeyId accKey:self.liveStsSource.accessKeySecret token:self.liveStsSource.securityToken region:self.liveStsSource.region];