All Products
Search
Document Center

ApsaraVideo VOD:Play an encrypted video

Last Updated:Feb 18, 2024

ApsaraVideo VOD and ApsaraVideo Live support multiple encryption methods. You can use ApsaraVideo Player SDK to decrypt and play videos. This protects your video content from hotlinking, illegal downloads, and unauthorized distribution. This topic describes how to use ApsaraVideo Player SDK to play videos encrypted by using HTTP-Live-Streaming (HLS) encryption, Alibaba Cloud proprietary cryptography, and digital rights management (DRM) encryption.

Video encryption overview

ApsaraVideo VOD provides a comprehensive security mechanism to protect videos from hotlinking and illegal downloads or distribution. Security policies include access control, URL signing, remote authentication, video encryption, and secure download.

For more information about the security policies, see Overview. This topic describes how to play videos that are encrypted by using three encryption methods. The following table describes the three methods that can be used to encrypt videos.

Security policy

Method

Benefit

Security level

Deployment complexity

Video encryption

Alibaba Cloud proprietary cryptography

ApsaraVideo VOD uses a proprietary cryptography algorithm to provide a cloud-device integrated video encryption solution. This ensures the security of transmission links.

High

Relatively low. You need to only perform simple configurations and integrate ApsaraVideo Player SDK.

HTTP-Live-Streaming (HLS) encryption

HLS encryption uses AES-128 to encrypt video content and supports all HLS-compatible players. However, the keys are prone to theft.

Relatively high

High. You must set up a key management service and a token issuance service. In addition, you must ensure the security of transmission links.

Commercial digital rights management (DRM)

Platforms such as Apple FairPlay and Google Widevine provide native support for DRM. DRM delivers high security and meets the requirements of large copyright content providers.

High

High. You are charged based on the number of license calls. You need to only integrate ApsaraVideo Player SDK.

Compatibility of ApsaraVideo Player SDK

Note

Before you use ApsaraVideo Player SDK for Web to play encrypted videos, make sure that you are familiar with the encryption features supported on your browser. For example, you cannot use ApsaraVideo Player SDK for Web to play videos encrypted by using Alibaba Cloud proprietary cryptography on iOS devices. For more information, see Browsers supported by the HTML5 player and Features of the HTML5 player supported by browsers.

Client

Playback method

Alibaba Cloud proprietary cryptography (HLS format)

Alibaba Cloud proprietary cryptography (MP4 format)

HLS encryption

DRM encryption

ApsaraVideo Player SDK for Web

UrlSource-based playback

Not supported

Not supported

Supported

Not supported

VidAuth-based playback

Supported

Not supported

Supported

Not supported

VidSts-based playback

Not supported

Not supported

Supported

Supported

UrlSource-based live streaming

Not supported

-

Supported

Not supported

LiveStsSource-based live streaming

Supported

-

Not supported

Supported

ApsaraVideo Player SDK for Android

UrlSource-based playback

Not supported

Supported only in ApsaraVideo Player SDK for Android V6.8.0 or later.

Not supported

Not supported

VidAuth-based playback

Supported

Supported

Supported

Not supported

VidSts-based playback

Supported

Supported

Supported

Supported

UrlSource-based live streaming

Not supported

-

Supported

Not supported

LiveStsSource-based live streaming

Supported

-

Not supported

Supported

ApsaraVideo Player SDK for iOS

UrlSource-based playback

Not supported

Supported only in ApsaraVideo Player SDK for iOS V6.8.0 or later.

Not supported

Not supported

VidAuth-based playback

Supported

Supported

Supported

Not supported

VidSts-based playback

Supported

Supported

Supported

Supported

UrlSource-based live streaming

Not supported

-

Supported

Not supported

LiveStsSource-based live streaming

Supported

-

Not supported

Supported

Alibaba Cloud proprietary cryptography

Overview

Alibaba Cloud proprietary cryptography encrypts video data. Video files that are downloaded to local devices are encrypted. This prevents unauthorized redistribution, video leakage, and hotlinking. For more information about the mechanism and benefits of Alibaba Cloud proprietary cryptography, see Alibaba Cloud proprietary cryptography.

ApsaraVideo Player encapsulates the logic for video decryption and client-server interactions into the SDK. To play videos that are encrypted by using Alibaba Cloud proprietary cryptography, you need to only configure encryption and transcoding and integrate ApsaraVideo Player SDK for playback at low costs.

Important

Videos encrypted by using Alibaba Cloud proprietary cryptography are generated only in the HLS and MP4 formats and can be played only by using ApsaraVideo Player.

Configure Alibaba Cloud proprietary cryptography

For more information, see Usage.

Use ApsaraVideo Player SDK for Web

Limits

You can use only ApsaraVideo Player to play HLS videos that are encrypted by using Alibaba Cloud proprietary cryptography.

Procedure

You can embed ApsaraVideo Player SDK for Web into a web page to play videos encrypted by using Alibaba Cloud proprietary cryptography. Sample code:

Note
  • Before you use ApsaraVideo Player SDK for Web, make sure that your browser supports the playback of videos encrypted by using Alibaba Cloud proprietary cryptography. The following items describe the compatibility of ApsaraVideo Player.

    • HTML5 players can be used in browsers on mobile devices and PCs. However, videos encrypted by using Alibaba Cloud proprietary cryptography cannot be played in browsers on iOS devices or Android devices except Chrome for Android. For more information about supported browsers on PCs, see Browsers supported by the HTML5 player.

    • Flash players can be used only in browsers on PCs. For more information, see Browsers supported by the Flash player.

  • For security reasons, you cannot use Alibaba Cloud proprietary cryptography to encrypt videos that are already encrypted.

Use VidAuth to play an on-demand video encrypted by using Alibaba Cloud proprietary cryptography (HLS format)

If you use VidAuth to play an on-demand video that is encrypted by using Alibaba Cloud proprietary cryptography, you must pass encryptType: 1. This setting is optional if you play an unencrypted video.

<!DOCTYPE html>
  <html>
      <head>
       <meta charset="UTF-8">
       <meta name="viewport" content="width=device-width, height=device-height, initial-scale=1, maximum-scale=1, minimum-scale=1, user-scalable=no" />
       <title>Demo for playing an on-demand video that is encrypted by using Alibaba Cloud proprietary cryptography</title>
       <link rel="stylesheet" href="https://g.alicdn.com/apsara-media-box/imp-web-player/2.16.3/skins/default/aliplayer-min.css" />
       <script charset="utf-8" type="text/javascript" src="https://g.alicdn.com/apsara-media-box/imp-web-player/2.16.3/aliplayer-min.js"></script>
      </head>
      <body>
          <div class="prism-player" id="J_prismPlayer"></div>
          <script>
              var player = new Aliplayer({
                id: 'J_prismPlayer',
                width: '100%',
                vid : '<your video ID>',// Required. You can log on to the ApsaraVideo VOD console and choose Media Files > Audio/Video to obtain the video ID. Example: 1e067a2831b641db90d570b6480f****. 
                playauth : '<your PlayAuth>',// Required. You can the call GetVideoPlayAuth operation to obtain the playback credential. 
                encryptType: 1, // Required. Set this parameter to 1 if you use Alibaba Cloud proprietary cryptography to encrypt the video. Otherwise, leave this parameter empty. 
                playConfig:{EncryptType:'AliyunVoDEncryption'}, // Specify this parameter if the output M3U8 streams include streams that are encrypted by using an algorithm other than Alibaba Cloud proprietary cryptography. 
                // authTimeout: 7200, // Optional. The validity period of the playback URL. Unit: seconds. If you have configured a validity period for signed URLs in the ApsaraVideo VOD console, the configuration of this parameter takes precedence. If you leave this parameter empty, the default value 7200 is used. The validity period must be longer than the actual duration of the video. Otherwise, the playback URL expires before the playback is complete. 
              },function(player){
                console.log('The player is created.')
             });
          </script>
      </body>
  </html>

Use LiveStsSource to play a live stream encrypted by using Alibaba Cloud proprietary cryptography (HLS format)

If you use LiveStsSource to play a live stream encrypted by using Alibaba Cloud proprietary cryptography, you must specify the streaming URL and Security Token Service (STS) token. For more information, see Use STS to upload videos. Sample code:

<!DOCTYPE html>
 <html>
     <head>
      <meta charset="UTF-8">
      <meta name="viewport" content="width=device-width, height=device-height, initial-scale=1, maximum-scale=1, minimum-scale=1, user-scalable=no" />
      <title>Demo for playing a live stream that is encrypted by using Alibaba Cloud proprietary cryptography</title>
      <link rel="stylesheet" href="https://g.alicdn.com/apsara-media-box/imp-web-player/2.16.3/skins/default/aliplayer-min.css" />
      <script charset="utf-8" type="text/javascript" src="https://g.alicdn.com/apsara-media-box/imp-web-player/2.16.3/aliplayer-min.js"></script>
     </head>
     <body>
         <div class="prism-player" id="J_prismPlayer"></div>
         <script>
             var player = new Aliplayer({
               id: 'J_prismPlayer',
               width: '100%',
               isLive: true, // Set this parameter to true. 
               source: '<your live stream url>',// Required. The streaming URL is the HLS URL of an stream that is encrypted by using Alibaba Cloud proprietary cryptography. 
               accessKeyId: '<your AccessKey ID>',// Required. The AccessKey ID that is generated when the temporary STS token is issued. To generate the AccessKey ID, call the AssumeRole operation in STS. 
               accessKeySecret: '<your AccessKey secret>',// Required. The AccessKey secret that is generated when the temporary STS token is issued. To generate the AccessKey secret, call the AssumeRole operation in STS. 
               securityToken: '<your STS token>',// Required. The STS token. To generate an STS token, call the AssumeRole operation in STS. 
               domain: '<your Domain>',// Required. The domain name used for stream pulling. 
               app:'<your App Name>',// Required. The name of the application. 
               stream:'<your Stream Name>',// Required. The name of the live stream. 
               regionId: '<region of your video>',// Required. The ID of the region in which the media asset is stored, such as cn-shanghai, eu-central-1, or ap-southeast-1. 
             },function(player){
               console.log('The player is created.')
            });
         </script>
     </body>
 </html>

Use ApsaraVideo Player SDK for Android

Limits

HLS and MP4 videos that are encrypted by using Alibaba Cloud proprietary cryptography can be played only by using ApsaraVideo Player.

Procedure

You can integrate ApsaraVideo Player SDK for Android into your application. The following content describes how to use ApsaraVideo Player SDK for Android for playback and provides sample code:

  1. Integrate ApsaraVideo Player SDK for Android.

    For more information, see Quick integration.

  2. Create a player for playback.

    For more information, see Create a player. In Step 3: Configure a playback source, configure a playback source by using one of the following methods.

    Use UrlSource to play an on-demand video encrypted by using Alibaba Cloud proprietary cryptography (MP4 format)

    Note

    You can use UrlSource to play on-demand MP4 videos that are encrypted by using Alibaba Cloud proprietary cryptography. This method is supported only for ApasaVideo Player SDK for Android V6.8.0 or later.

    To use UrlSource to play an MP4 video that is encrypted by using Alibaba Cloud proprietary cryptography, call the GetPlayInfo operation to obtain the playback URL and add etavirp_nuyila=1 to the end of the URL. Then, pass the URL to the player for playback. You do not need to configure additional parameters.

    Sample URL: https://example.aliyundoc.com/test.mp4?etavirp_nuyila=1

    UrlSource urlSource = new UrlSource();
    urlSource.setUri("Playback URL");// Required. The playback URL of the video. You can call the GetPlayInfo operation to obtain the URL.
    // Add etavirp_nuyila=1 to the end of the playback URL before you pass the URL to the player for playback. Sample URL: https://example.aliyundoc.com/test.mp4?etavirp_nuyila=1.
    aliPlayer.setDataSource(urlSource);

    Use VidAuth to play an on-demand video encrypted by using Alibaba Cloud proprietary cryptography (HLS and MP4 formats)

    If streams that are encrypted by using a method other than Alibaba Cloud proprietary cryptography exist or unencrypted streams exist, you can set the encryption method to AliyunVodEncryption to filter videos that are encrypted by using Alibaba Cloud proprietary cryptography.

    VidAuth vidAuth = new VidAuth();
    VidPlayerConfigGen vidPlayerConfigGen = new VidPlayerConfigGen();
    vidPlayerConfigGen.setEncryptType(VidPlayerConfigGen.EncryptType.AliyunVodEncryption);// Optional. If you set the encryption method to AliyunVodEncryption, only videos that are encrypted by using Alibaba Cloud proprietary cryptography are returned. 
    vidAuth.setPlayConfig(vidPlayerConfigGen);
    vidAuth.setVid("Video ID");// Required. The video ID. 
    vidAuth.setPlayAuth("Playback credential"); // Required. The playback credential. To obtain the playback credential, call the GetVideoPlayAuth operation in ApsaraVideo VOD. 
    vidAuth.setRegion("Access region"); // This parameter is deprecated in ApsaraVideo Player SDK V5.5.5.0 or later. If you use ApsaraVideo Player SDK V5.5.5.0 or later, the player automatically parses the region information. If you use ApsaraVideo Player SDK whose version is earlier than V5.5.5.0, this parameter is required. Specify the ID of the region in which ApsaraVideo VOD is activated for this parameter. Default value: cn-shanghai. 
    // vidAuth.setAuthTimeout(3600);// Optional. the validity period of the playback URL. Unit: seconds. If you have configured a validity period for signed URLs in the ApsaraVideo VOD console, the configuration of this parameter takes precedence. If you leave this parameter empty, the default value 3600 is used. The validity period must be longer than the actual duration of the video. Otherwise, the playback URL expires before the playback is complete. 
    aliPlayer.setDataSource(vidAuth);

    Use VidSts to play an on-demand video encrypted by using Alibaba Cloud proprietary cryptography (HLS and MP4 formats)

    If streams that are encrypted by using a method other than Alibaba Cloud proprietary cryptography exist or unencrypted streams exist, you can set the encryption method to AliyunVodEncryption to filter videos that are encrypted by using Alibaba Cloud proprietary cryptography.

    VidSts vidSts = new VidSts();
    VidPlayerConfigGen vidPlayerConfigGen = new VidPlayerConfigGen();
    vidPlayerConfigGen.setEncryptType(VidPlayerConfigGen.EncryptType.AliyunVodEncryption);// Optional. If you set the encryption method to AliyunVodEncryption, only videos that are encrypted by using Alibaba Cloud proprietary cryptography are returned. 
    vidSts.setPlayConfig(vidPlayerConfigGen);
    vidSts.setVid("Video ID"); // Required. The video ID. 
    vidSts.setAccessKeyId("<your AccessKey ID>"); // Required. The AccessKey ID that is generated when the temporary STS token is issued. To generate the AccessKey ID, call the AssumeRole operation in STS. 
    vidSts.setAccessKeySecret("<your AccessKey secret>");// Required. The AccessKey secret that is issued together with the STS token. To generate the AccessKey secret, call the AssumeRole operation in STS. 
    vidSts.setSecurityToken("<your security token>");// Required. The security token. To generate an STS token, call the AssumeRole operation in STS. 
    vidSts.setRegion("Access region"); // Required. The ID of the region in which ApsaraVideo VOD is activated. Default value: cn-shanghai. 
    // vidAuth.setAuthTimeout(3600);// Optional. The validity period of the playback URL. Unit: seconds. If you have configured a validity period for signed URLs in the ApsaraVideo VOD console, the configuration of this parameter takes precedence. If you leave this parameter empty, the default value 3600 is used. The validity period must be longer than the actual duration of the video. Otherwise, the playback URL expires before the playback is complete. 
    aliPlayer.setDataSource(vidSts);

    Use LiveStsSource to play a live stream encrypted by using Alibaba Cloud proprietary cryptography (HLS format)

    If you use LiveStsSource to play an HLS live stream that is encrypted by using Alibaba Cloud proprietary cryptography, you must specify the streaming URL and STS token and set the encryption method to AliEncryption. Sample code:

    1. Configure a playback source.

      Set AVPLiveStsSource as the playback source.

      // Create the AVPLiveStsSource playback source. You must set EncryptionType to AliEncryption.
      LiveSts liveSts = new LiveSts();
      liveSts.setUrl("<your live stream url>");// Required. The URL of the HLS live stream that is encrypted by using Alibaba Cloud proprietary cryptography. 
      liveSts.setAccessKeyId("<your AccessKey ID>");// Required. The AccessKey ID that is generated when the temporary STS token is issued. To generate the AccessKey ID, call the AssumeRole operation in STS. 
      liveSts.setAccessKeySecret("<your AccessKey secret>");// Required. The AccessKey secret that is generated when the temporary STS token is issued. To generate the AccessKey secret, call the AssumeRole operation in STS. 
      liveSts.setSecurityToken("<your STS token>");// Required. The STS token. To generate an STS token, call the AssumeRole operation in STS. 
      liveSts.setDomain("<your Domain>");// Required. The name of the streaming domain. 
      liveSts.setApp("<your App Name>");// Required. The name of the application to which the live stream belongs. 
      liveSts.setStream("<your Stream Name>");// Required. The name of the live stream. 
      liveSts.setEncryptionType(LiveSts.LiveEncryptionType.AliEncryption);// Required. Set the encryption method to AliEncryption. 
      liveSts.setRegion("<region of your video>");// Required. The region in which ApsaraVideo VOD is activated, such as cn-shanghai. 
      // Configure the playback source.
      aliPlayer.setDataSource(liveSts);
      // Prepare for playback.
      aliPlayer.prepare();
    2. Check whether the STS token is valid.

      The encryption key may change during the playback of encrypted live streams. When the key is changed, the player sends a request to obtain the latest key from STS. Check whether the STS token is valid. If the token is invalid, the playback of encrypted live streams is affected.

      mAliyunVodPlayer.setOnVerifyTimeExpireCallback(new AliPlayer.OnVerifyTimeExpireCallback() {
      		@Override
          public AliPlayer.Status onVerifySts(StsInfo info) {
              if (The token can be used){
                  return IPlayer.StsStatus.Valid;
              }
      
              if(A valid STS token can be obtained){
                  Obtain STS();// This operation can be synchronously or asynchronously performed. 
                  return IPlayer.StsStatus.Pending;
              }
              // If the token is invalid and the latest STS token cannot be obtained, we recommend that you stop the playback to prevent screen flickers. 
              mAliyunVodPlayer.stop();
              return IPlayer.StsStatus.Invalid;
          }
      
          @Override
          public AliPlayer.Status onVerifyAuth(VidAuth auth) {
              return AliPlayer.Status.Valid;
          }
      });
      Note

      After you obtain a valid STS token, call updateLiveStsInfo to update the STS token. If the token failed to be obtained, we recommend that you stop the playback. If you do not update the STS token, the player uses the expired STS token to obtain the encryption key. If the STS token becomes invalid, the screen may flicker or the playback may fail.

      mAliyunVodPlayer.updateStsInfo(stsInfo);

Use ApsaraVideo Player SDK for iOS

Limits

HLS and MP4 videos that are encrypted by using Alibaba Cloud proprietary cryptography can be played only by using ApsaraVideo Player.

Procedure

You can integrate ApsaraVideo Player SDK for iOS into your application. The following content describes how to use ApsaraVideo Player SDK for iOS for playback and provides sample code:

  1. Integrate ApsaraVideo Player SDK for iOS.

    For more information, see Quick integration.

  2. Create a player for playback.

    For more information, see Create a player. In Step 3: Configure a playback source, configure a playback source by using one of the following methods.

    Use UrlSource to play an on-demand video encrypted by using Alibaba Cloud proprietary cryptography (MP4 format)

    Note

    You can use UrlSource to play on-demand MP4 videos that are encrypted by using Alibaba Cloud proprietary cryptography. This method is supported only for ApasaVideo Player SDK for iOS V6.8.0 or later.

    To use UrlSource to play an MP4 on-demand video that is encrypted by using Alibaba Cloud proprietary cryptography, call the GetPlayInfo operation to obtain the playback URL and add etavirp_nuyila=1 to the end of the URL. Then, pass the URL to the player for playback. You do not need to configure additional parameters.

    Sample URL: https://example.aliyundoc.com/test.mp4?etavirp_nuyila=1

    AVPUrlSource *urlSource = [[AVPUrlSource alloc] urlWithString:url]; // Required. The playback URL. You can call the GetPlayInfo operation to obtain the playback URL. Add etavirp_nuyila=1 to the end of the playback URL before you pass the URL to the player for playback. Sample URL: https://example.aliyundoc.com/test.mp4?etavirp_nuyila=1.
    [self.player setUrlSource:urlSource]; 

    Use VidAuth to play an on-demand video encrypted by using Alibaba Cloud proprietary cryptography (HLS and MP4 formats)

    If streams that are encrypted by using a method other than Alibaba Cloud proprietary cryptography exist or unencrypted streams exist, you can set the encryption method to AliyunVodEncryption to filter videos that are encrypted by using Alibaba Cloud proprietary cryptography.

    AVPVidAuthSource *authSource = [[AVPVidAuthSource alloc] init];
    authSource.vid = @"Vid"; // Required. The video ID. 
    authSource.playAuth = @"<yourPlayAuth>"; // Required. The playback credential. To obtain a playback credential, call the GetVideoPlayAuth operation in ApsaraVideo VOD. 
    authSource.region = @"Access region"; // This parameter is deprecated in ApsaraVideo Player SDK V5.5.5.0 or later. If you use ApsaraVideo Player SDK V5.5.5.0 or later, the player automatically parses the region information. If you use ApsaraVideo Player SDK V5.5.5.0 or earlier, this parameter is required. Specify the ID of the region in which ApsaraVideo VOD is activated for this parameter. Default value: cn-shanghai. 
    // authSource.authTimeout=3600; // Optional. The validity period of the playback URL. Unit: seconds. If you have configured a validity period for signed URLs in the ApsaraVideo VOD console, the configuration of this parameter takes precedence. If you leave this parameter empty, the default value 3600 is used. The validity period must be longer than the actual duration of the video. Otherwise, the playback URL expires before the playback is complete. 
    
    // Build the config parameter based on VidPlayerConfigGenerator.
    VidPlayerConfigGenerator* config = [[VidPlayerConfigGenerator alloc]init];
    [config addVidPlayerConfigByStringValue:@"EncryptType" value:@"AliyunVodEncryption"]; // Optional. If you set the encryption method to AliyunVodEncryption, only videos that are encrypted by using Alibaba Cloud proprietary cryptography are returned. 
    authSource.playConfig = [config generatePlayerConfig]; 
    [self.player setAuthSource:authSource];

    Use VidSts to play an on-demand video encrypted by using Alibaba Cloud proprietary cryptography (HLS and MP4 formats)

    If streams that are encrypted by using a method other than Alibaba Cloud proprietary cryptography exist or unencrypted streams exist, you can set the encryption method to AliyunVodEncryption to filter videos that are encrypted by using Alibaba Cloud proprietary cryptography.

    AVPVidStsSource *source = [[AVPVidStsSource alloc] init];
    source.region = @"Access region"; // Required. The region in which ApsaraVideo VOD is activated. Default value: cn-shanghai. 
    source.vid = @"Vid"; // Required. The ID of the video. 
    source.securityToken = @"<yourSecurityToken>"; // Required. The STS token. To generate an STS token, call the AssumeRole operation in STS. 
    source.accessKeySecret = @"<yourAccessKeySecret>"; // Required. The AccessKey secret that is generated when the temporary STS token is issued. To generate the AccessKey secret, call the AssumeRole operation in STS. 
    source.accessKeyId = @"<yourAccessKeyId>"; // Required. The AccessKey ID that is generated when the temporary STS token is issued. To generate the AccessKey ID, call the AssumeRole operation in STS. 
    // source.authTimeout=3600; // Optional. The validity period of the playback URL. Unit: seconds. If you have configured a validity period for signed URLs in the ApsaraVideo VOD console, the configuration of this parameter takes precedence. If you leave this parameter empty, the default value 3600 is used. The validity period must be longer than the actual duration of the video. Otherwise, the playback URL expires before the playback is complete. 
    
    // Build the config parameter based on VidPlayerConfigGenerator.
    VidPlayerConfigGenerator* config = [[VidPlayerConfigGenerator alloc]init];
    [config addVidPlayerConfigByStringValue:@"EncryptType" value:@"AliyunVodEncryption"]; // Optional. If you set the encryption method to AliyunVodEncryption, only videos that are encrypted by using Alibaba Cloud proprietary cryptography are returned. 
    source.playConfig = [config generatePlayerConfig]; 
    
    // Configure the playback source.
    [self.player setStsSource:source];

    Use LiveStsSource to play a live stream encrypted by using Alibaba Cloud proprietary cryptography (HLS format)

    If you use LiveStsSource to play a live stream encrypted by using Alibaba Cloud proprietary cryptography, you must specify the streaming URL and STS token and set the encryption method to ENCRYPTION_TYPE_ALIVODENCRYPTION. Sample code:

    1. Configure a playback source.

      Set AVPLiveStsSource as the playback source.

      // Create the AVPLiveStsSource playback source. You must set encryptionType to ENCRYPTION_TYPE_ALIVODENCRYPTION.
      AVPLiveStsSource *liveStsSource = [[AVPLiveStsSource alloc] initWithUrl:@"Streaming URL" 
                                                                  accessKeyId:@"Temporary AccessKey ID" 
                                                                  accessKeySecret:@""Temporary AccessKey secret" 
                                                                  securityToken:@"Security token" 
                                                                  region:@"Region name" 
                                                                  domain:@"Streaming domain" 
                                                                  app:@"Application name" 
                                                                  stream:@"Stream name" 
                                                                  encryptionType:ENCRYPTION_TYPE_ALIVODENCRYPTION];// Required. Set the encryption method to ENCRYPTION_TYPE_ALIVODENCRYPTION. 
       // Configure the playback source.
       [self.aliPlayer setLiveStsSource:liveStsSource];
       ......
       // Prepare for playback.
       [self.aliPlayer prepare];

    2. Check whether the STS token is valid.

      The encryption key may change during the playback of encrypted live streams. When the key is changed, the player sends a request to obtain the latest key from STS. You must check whether the STS token is valid. If the token is invalid, the playback of encrypted live streams is affected.

       __weak typeof(self) weakSelf = self;
      [self.aliPlayer setVerifyStsCallback:^AVPStsStatus(AVPStsInfo info) {
          if (The token can be used) {
              return Valid;
          }
          if(A valid STS token can be obtained){
              Obtain STS();// This operation can be synchronously or asynchronously performed. 
              return Pending;
          }
          [weakSelf.aliPlayer stop];
          return Invalid;
      }];
      Note

      After you obtain a valid STS token, you must call updateLiveStsInfo to update the STS token. If the token failed to be obtained, we recommend that you stop the playback. If you do not update the STS token, the player uses the expired STS token to obtain the encryption key. If the STS token becomes invalid, the screen may flicker or the playback may fail.

      [self.aliPlayer updateLiveStsInfo:self.liveStsSource.accessKeyId accKey:self.liveStsSource.accessKeySecret token:self.liveStsSource.securityToken region:self.liveStsSource.region];

HLS encryption

Overview

HLS encryption supports common encryption solutions that are specified in HLS. HLS encryption uses AES-128 to encrypt video content and supports all HLS-compatible players. You can use a self-developed player or an open source player to play HLS-encrypted videos. Compared with Alibaba Cloud proprietary cryptography, HLS encryption is more flexible but is difficult to use and less secure.

For more information about the mechanism and limits of HLS encryption, see HLS encryption.

Configure HLS encryption

For more information about how to configure HLS encryption, see HLS encryption.

Use ApsaraVideo Player SDK for Web

Limits

HLS encryption supports all HLS-compatible players. You can use a self-developed player or an open source player to play HLS-encrypted videos. The following content describes how to play an HLS-encrypted video in ApsaraVideo Player. ApsaraVideo Player supports the transmission of the user token. Alibaba Cloud CDN dynamically modifies the decryption URI in the .m3u8 file. The decryption URI contains the user token. Then, you can verify the user token.

Procedure

You can embed ApsaraVideo Player SDK for Web into a web page to play videos encrypted by using Alibaba Cloud proprietary cryptography.

Note

Before you use ApsaraVideo Player SDK for Web, make sure that your browser supports the playback of HLS-encrypted videos. The following items describe the compatibility of ApsaraVideo Player.

  • HTML5 players can be used in browsers on mobile devices and PCs. For more information about supported browsers, see Features of the HTML5 player supported by browsers.

  • Flash players can be used only in browsers on PCs. For more information, see the Browsers supported by the Flash player section of the Overview topic.

If you play on-demand videos and live streams encrypted by using HLS, you do not need to set additional parameters. For more information about the playback procedures and sample code, see Quick integration.

Use ApsaraVideo Player SDK for Android

Limits

HLS encryption supports all HLS-compatible players. You can use a self-developed player or an open source player to play HLS-encrypted videos. The following content describes how to play an HLS-encrypted video in ApsaraVideo Player. ApsaraVideo Player supports the transmission of the user token. Alibaba Cloud CDN dynamically modifies the decryption URI in the .m3u8 file. The decryption URI contains the user token. Then, you can verify the user token.

Procedure

You can integrate ApsaraVideo Player SDK for Android into your application. The following content describes how to use ApsaraVideo Player SDK for Android for playback and provides sample code:

  1. Integrate ApsaraVideo Player SDK for Android.

    For more information, see Quick integration.

  2. Create a player for playback.

    For more information, see Create a player. In Step 3: Configure a playback source, configure a playback source by using one of the following methods.

    Use VidAuth to play an HLS-encrypted on-demand video

    If streams that are encrypted by using a method other than HLS encryption exist or unencrypted streams exist, you can set the encryption method to HLSEncryption to filter videos that are encrypted by using HLS encryption. Sample code:

    VidAuth vidAuth = new VidAuth();
    VidPlayerConfigGen playerConfig = new VidPlayerConfigGen();
    playerConfig.setEncryptType(VidPlayerConfigGen.EncryptType.HLSEncryption);// Optional. If you set the encryption method to HLSEncryption, only videos that are encrypted by using HLS encryption are returned. 
    playerConfig.setMtsHlsUriToken("User token");// Optional. Specify this parameter if you want to verify the user token. 
    vidAuth.setPlayConfig(playerConfig);
    vidAuth.setVid("Video ID");// Required. The video ID. 
    vidAuth.setPlayAuth("Playback credential"); // Required. The playback credential. To obtain the playback credential, call the GetVideoPlayAuth operation in ApsaraVideo VOD. 
    vidAuth.setRegion("Access region"); // This parameter is deprecated in ApsaraVideo Player SDK V5.5.5.0 or later. If you use ApsaraVideo Player SDK V5.5.5.0 or later, the player automatically parses the region information. If you use ApsaraVideo Player SDK whose version is earlier than V5.5.5.0, this parameter is required. Specify the ID of the region in which ApsaraVideo VOD is activated for this parameter. Default value: cn-shanghai. 
    // vidAuth.setAuthTimeout(3600);// Optional. The validity period of the playback URL. Unit: seconds. If you have configured a validity period for signed URLs in the ApsaraVideo VOD console, the configuration of this parameter takes precedence. If you leave this parameter empty, the default value 3600 is used. The validity period must be longer than the actual duration of the video. Otherwise, the playback URL expires before the playback is complete. 
    aliPlayer.setDataSource(vidAuth);

    Use VidSts to play an HLS-encrypted on-demand video

    If streams that are encrypted by using a method other than HLS encryption exist or unencrypted streams exist, you can set the encryption method to HLSEncryption to filter videos that are encrypted by using HLS encryption. Sample code:

    VidSts vidSts = new VidSts();
    VidPlayerConfigGen playerConfig = new VidPlayerConfigGen();
    VidPlayerConfigGen.setEncryptType(VidPlayerConfigGen.EncryptType.HLSEncryption);// Optional. If you set the encryption method to HLSEncryption, only videos that are encrypted by using HLS encryption are returned. 
    playerConfig.setMtsHlsUriToken("User token");// Optional. Specify this parameter if you want to verify the user token. 
    vidSts.setPlayConfig(playerConfig);
    vidSts.setVid("Video ID"); // Required. The video ID. 
    vidSts.setAccessKeyId("<your AccessKey ID>"); // Required. The AccessKey ID that is generated when the temporary STS token is issued. To generate the AccessKey ID, call the AssumeRole operation in STS. 
    vidSts.setAccessKeySecret("<your AccessKey secret>");// Required. The AccessKey secret that is issued together with the STS token. To generate the AccessKey secret, call the AssumeRole operation in STS. 
    vidSts.setSecurityToken("<your security token>");// Required. The security token. To generate an STS token, call the AssumeRole operation in STS. 
    vidSts.setRegion("Access region"); // Required. The ID of the region in which ApsaraVideo VOD is activated. Default value: cn-shanghai. 
    // vidAuth.setAuthTimeout(3600);// Optional. The validity period of the playback URL. Unit: seconds. If you have configured a validity period for signed URLs in the ApsaraVideo VOD console, the configuration of this parameter takes precedence. If you leave this parameter empty, the default value 3600 is used. The validity period must be longer than the actual duration of the video. Otherwise, the playback URL expires before the playback is complete. 
    aliPlayer.setDataSource(vidSts);

    Use UrlSource to play an HLS-encrypted live stream

    Similar to the playback of unencrypted videos, you do not need to set additional parameters if you use a streaming URL to play live streams encrypted by using HLS.

    UrlSource urlSource = new UrlSource();
            urlSource.setUri("Streaming URL");// Required. The streaming URL that is encrypted by using HLS. 
            aliPlayer.setDataSource(urlSource);

Use ApsaraVideo Player SDK for iOS

Limits

HLS encryption supports all HLS-compatible players. You can use a self-developed player or an open source player to play HLS-encrypted videos. The following content describes how to play an HLS-encrypted video in ApsaraVideo Player. ApsaraVideo Player supports the transmission of the user token. Alibaba Cloud CDN dynamically modifies the decryption URI in the .m3u8 file. The decryption URI contains the user token. Then, you can verify the user token.

Procedure

You can integrate ApsaraVideo Player SDK for iOS into your application. The following content describes how to use ApsaraVideo Player SDK for iOS for playback and provides sample code:

  1. Integrate ApsaraVideo Player SDK for iOS.

    For more information, see Quick integration.

  2. Create a player for playback.

    For more information, see Create a player. In Step 3: Configure a playback source, configure a playback source by using one of the following methods based on your business requirements.

    Use VidAuth to play an HLS-encrypted on-demand video

    If streams that are encrypted by using a method other than HLS encryption exist or unencrypted streams exist, you can set the encryption method to HLSEncryption to filter videos that are encrypted by using HLS encryption. Sample code:

    AVPVidAuthSource *authSource = [[AVPVidAuthSource alloc] init];
    authSource.vid = @"Vid"; // Required. The video ID. 
    authSource.playAuth = @"<yourPlayAuth>"; // Required. The playback credential. To obtain a playback credential, call the GetVideoPlayAuth operation in ApsaraVideo VOD. 
    authSource.region = @"Access region"; // This parameter is deprecated in ApsaraVideo Player SDK V5.5.5.0 or later. If you use ApsaraVideo Player SDK V5.5.5.0 or later, the player automatically parses the region information. If you use ApsaraVideo Player SDK V5.5.5.0 or earlier, this parameter is required. Specify the ID of the region in which ApsaraVideo VOD is activated for this parameter. Default value: cn-shanghai. 
    // authSource.authTimeout=3600; // Optional. The validity period of the playback URL. Unit: seconds. If you have configured a validity period for signed URLs in the ApsaraVideo VOD console, the configuration of this parameter takes precedence. If you leave this parameter empty, the default value 3600 is used. The validity period must be longer than the actual duration of the video. Otherwise, the playback URL expires before the playback is complete. 
    
    // Build the config parameter based on VidPlayerConfigGenerator.
    VidPlayerConfigGenerator* config = [[VidPlayerConfigGenerator alloc]init];
    [config addVidPlayerConfigByStringValue:@"EncryptType" value:@"HLSEncryption"]; // Optional. If you set the encryption method to HLSEncryption, only videos that are encrypted by using HLS encryption are returned. 
    [config setHlsUriToken: @"xxxxxxx"]; // Optional. You can pass this parameter if you want to verify MtsHlsUriToken. 
    source.playConfig = [config generatePlayerConfig];
    
    // Configure the playback source.
    [self.player setAuthSource:authSource];
    

    Use VidSts to play an HLS-encrypted on-demand video

    If streams that are encrypted by using a method other than HLS encryption exist or unencrypted streams exist, you can set the encryption method to HLSEncryption to filter videos that are encrypted by using HLS encryption. Sample code:

    AVPVidStsSource *source = [[AVPVidStsSource alloc] init];
    source.vid = @"Vid"; // Required. The ID of the video. 
    source.region = @"Access region"; // Required. The region in which ApsaraVideo VOD is activated. Default value: cn-shanghai. 
    source.securityToken = @"<yourSecurityToken>"; // Required. The STS token. To generate an STS token, call the AssumeRole operation in STS. 
    source.accessKeySecret = @"<yourAccessKeySecret>"; // Required. The AccessKey secret that is generated when the temporary STS token is issued. To generate the AccessKey secret, call the AssumeRole operation in STS. 
    source.accessKeyId = @"<yourAccessKeyId>"; // Required. The AccessKey ID that is generated when the temporary STS token is issued. To generate the AccessKey ID, call the AssumeRole operation in STS. 
    // source.authTimeout = 3600; // Optional. The validity period of the playback URL. Unit: seconds. If you have configured a validity period for signed URLs in the ApsaraVideo VOD console, the configuration of this parameter takes precedence. If you leave this parameter empty, the default value 3600 is used. The validity period must be longer than the actual duration of the video. Otherwise, the playback URL expires before the playback is complete. 
    
    // Build the config parameter based on VidPlayerConfigGenerator.
    VidPlayerConfigGenerator* config = [[VidPlayerConfigGenerator alloc]init];
    [config addVidPlayerConfigByStringValue:@"EncryptType" value:@"HLSEncryption"]; // Optional. If you set the encryption method to HLSEncryption, only videos that are encrypted by using HLS encryption are returned. 
    [config setHlsUriToken: @"xxxxxxx"]; // Optional. You can pass this parameter if you want to verify MtsHlsUriToken. 
    source.playConfig = [config generatePlayerConfig]; 
    
    // Configure the playback source.
    [self.player setStsSource:source];
    

    Use UrlSource to play an HLS-encrypted live stream

    Similar to the playback of unencrypted videos, you do not need to set additional parameters if you use a streaming URL to play live streams encrypted by using HLS.

    AVPUrlSource *urlSource = [[AVPUrlSource alloc] urlWithString:url]; // Required. The HLS-encrypted streaming URL. 
    [self.player setUrlSource:urlSource];

FAQ

For more information about the common questions about HLS encryption and corresponding solutions, see FAQ about HLS encryption.

DRM encryption

Overview

ApsaraVideo VOD supports DRM encryption technologies that are commonly used in the industry. You can add and manage DRM certificates and enable DRM encryption in the ApsaraVideo VOD console to ensure the security of your copyrighted video content. Widevine and Fairplay DRM encryption are supported.

For more information about the benefits and architecture of DRM encryption, see Introduction.

Configure DRM encryption

You can enable this feature only in the ApsaraVideo VOD console. For more information, see Enable DRM encryption.

Use ApsaraVideo Player SDK for Web

Limits

You can use only ApsaraVideo Player to play DRM-encrypted videos.

Procedure

You can embed ApsaraVideo Player SDK for Web into a web page to play videos encrypted by using Alibaba Cloud proprietary cryptography. Sample code:

Note

Before you use ApsaraVideo Player SDK for Web, make sure that your browser supports the playback of DRM-encrypted videos. The following items describe the compatibility of ApsaraVideo Player.

  • HTML5 players can be used in browsers on mobile devices and PCs. For more information about supported browsers, see the Features of the HTML5 player supported by browsers section of the Overview topic.

  • Flash players can be used only in browsers on PCs. For more information, see the Browsers supported by the Flash player section of the Overview topic.

Use VidSts to play a DRM-encrypted on-demand video

If you use VidSts to play a DRM-encrypted on-demand video, you must set the isDrm parameter to true. This setting is optional if you play an unencrypted video. isDrm: true specifies that DRM encryption is enabled.

<!DOCTYPE html>
 <html>
     <head>
      <meta charset="UTF-8">
      <meta name="viewport" content="width=device-width, height=device-height, initial-scale=1, maximum-scale=1, minimum-scale=1, user-scalable=no" />
      <title>Demo for the playback of a DRM-encrypted on-demand video</title>
      <link rel="stylesheet" href="https://g.alicdn.com/apsara-media-box/imp-web-player/2.16.3/skins/default/aliplayer-min.css" />
      <script charset="utf-8" type="text/javascript" src="https://g.alicdn.com/apsara-media-box/imp-web-player/2.16.3/aliplayer-min.js"></script>
     </head>
     <body>
         <div class="prism-player" id="J_prismPlayer"></div>
         <script>
             var player = new Aliplayer({
               id: 'J_prismPlayer',
               width: '100%',
               isDrm: true,
               vid : '<your video ID>',// Required. You can log on to the ApsaraVideo VOD console and choose Media Files > Audio/Video to obtain the video ID. Example: 1e067a2831b641db90d570b6480f****. 
               accessKeyId: '<your AccessKey ID>',// Required. The AccessKey ID of the temporary AccessKey pair. To obtain the AccessKey ID, call the AssumeRole operation in STS. 
               securityToken: '<your STS token>',// Required. The STS token. To generate an STS token, call the AssumeRole operation in STS. 
               accessKeySecret: '<your AccessKey secret>',// Required. The AccessKey secret that is generated when the temporary STS token is issued. To generate the AccessKey secret, call the AssumeRole operation in STS. 
               region: '<region of your video>', // Required. The ID of the region in which the media asset is stored, such as cn-shanghai, eu-central-1, or ap-southeast-1. 
               certId: '<your certificate ID>', // This parameter is required for playback on Apple devices. This parameter is used to request an Apple certificate. You can obtain the value of this parameter in the ApsaraVideo VOD console or the ApsaraVideo Live console based on how DRM encryption is performed. 
                               // authTimeout: 7200, // The validity period of the playback URL. Unit: seconds. If you have configured a validity period for signed URLs in the ApsaraVideo VOD console, the configuration of this parameter takes precedence. If you leave this parameter empty, the default value 7200 is used. The validity period must be longer than the actual duration of the video. Otherwise, the playback URL expires before the playback is complete. 
             },function(player){
               console.log('The player is created.')
            });
         </script>
     </body>
 </html>

Use LiveStsSource to play a DRM-encrypted live stream

If you use LiveStsSource to play a DRM-encrypted live stream, you must specify the streaming URL and STS token. For more information, see Use STS to upload videos. Sample code:

<!DOCTYPE html>
 <html>
     <head>
      <meta charset="UTF-8">
      <meta name="viewport" content="width=device-width, height=device-height, initial-scale=1, maximum-scale=1, minimum-scale=1, user-scalable=no" />
      <title>Demo for playing a DRM-encrypted live stream</title>
      <link rel="stylesheet" href="https://g.alicdn.com/apsara-media-box/imp-web-player/2.16.3/skins/default/aliplayer-min.css" />
      <script charset="utf-8" type="text/javascript" src="https://g.alicdn.com/apsara-media-box/imp-web-player/2.16.3/aliplayer-min.js"></script>
     </head>
     <body>
         <div class="prism-player" id="J_prismPlayer"></div>
         <script>
             var player = new Aliplayer({
               id: 'J_prismPlayer',
               width: '100%',
               isLive: true, // Set this parameter to true. 
               isDrm: true,
               source: '<your live stream url>',// Required. The streaming URL of the live stream that is encrypted by DRM. 
               accessKeyId: '<your AccessKey ID>',// Required. The AccessKey ID of the temporary AccessKey pair. To obtain the AccessKey ID, call the AssumeRole operation in STS. 
               securityToken: '<your STS token>',// Required. The STS token. To generate an STS token, call the AssumeRole operation in STS. 
               accessKeySecret: '<your AccessKey secret>',// Required. The AccessKey ID that is generated when the temporary STS token is issued. To generate the AccessKey ID, call the AssumeRole operation in STS. 
               region: '<region of your video>', // Required. The ID of the region in which the media asset is stored, such as cn-shanghai, eu-central-1, or ap-southeast-1. 
               certId: '<your certificate ID>', // This parameter is required for playback on Apple devices. This parameter is used to request an Apple certificate. You can obtain the certificate ID from the ApsaraVideo VOD or ApsaraVideo Live console. 
             },function(player){
               console.log('The player is created.')
            });
         </script>
     </body>
 </html>

Use ApsaraVideo Player SDK for Android

Limits

You can use only ApsaraVideo Player to play DRM-encrypted videos.

Procedure

You can integrate ApsaraVideo Player SDK for Android into your application. The following content describes how to use ApsaraVideo Player SDK for Android for playback and provides sample code:

  1. Integrate ApsaraVideo Player SDK for Android.

    For more information, see Quick integration.

  2. Create a player for playback.

    For more information, see Create a player. In Step 3: Configure a playback source, configure a playback source by using one of the following methods.

    Use VidSts to play a DRM-encrypted on-demand video

    Similar to the playback of unencrypted videos, you do not need to set additional parameters if you use VidSts to play on-demand videos encrypted by using DRM.

    VidSts vidSts = new VidSts();
            vidSts.setVid("Video ID"); // Required. The video ID. 
            vidSts.setAccessKeyId("<your AccessKey ID>"); // Required. The AccessKey ID that is generated when the temporary STS token is issued. To generate the AccessKey ID, call the AssumeRole operation in STS. 
            vidSts.setAccessKeySecret("<your AccessKey secret>");// Required. The AccessKey secret that is issued together with the STS token. To generate the AccessKey secret, call the AssumeRole operation in STS. 
            vidSts.setSecurityToken("<your security token>");// Required. The security token. To generate an STS token, call the AssumeRole operation in STS. 
            vidSts.setRegion("Access region"); // Required. The ID of the region in which ApsaraVideo VOD is activated. Default value: cn-shanghai. 
            // vidAuth.setAuthTimeout(3600);// The validity period of the playback URL. Unit: seconds. If you have configured a validity period for signed URLs in the ApsaraVideo VOD console, the configuration of this parameter takes precedence. If you leave this parameter empty, the default value 3600 is used. The validity period must be longer than the actual duration of the video. Otherwise, the playback URL expires before the playback is complete. 
            aliPlayer.setDataSource(vidSts);

    Use LiveStsSource to play a DRM-encrypted live stream

    If you use LiveStsSource to play a live stream encrypted by using DRM, you must specify the streaming URL and STS token and set the encryption method to WideVine_FairPlay. Sample code:

    1. Configure a playback source.

      Set AVPLiveStsSource as the playback source.

      // Create the AVPLiveStsSource playback source. You must set EncryptionType to WideVine_FairPlay.
      LiveSts liveSts = new LiveSts();
      liveSts.setUrl("<your live stream url>");// Required. The HLS URL of the live stream that is encrypted by DRM. 
      liveSts.setAccessKeyId("<your AccessKey ID>");// Required. The AccessKey ID that is generated when the temporary STS token is issued. To generate the AccessKey ID, call the AssumeRole operation in STS. 
      liveSts.setAccessKeySecret("<your AccessKey secret>");// Required. The AccessKey secret that is generated when the temporary STS token is issued. To generate the AccessKey secret, call the AssumeRole operation in STS. 
      liveSts.setSecurityToken("<your STS token>");// Required. The STS token. To generate an STS token, call the AssumeRole operation in STS. 
      liveSts.setDomain("<your Domain>");// Required. The name of the streaming domain. 
      liveSts.setApp("<your App Name>");// Required. The name of the application to which the live stream belongs. 
      liveSts.setStream("<your Stream Name>");// Required. The name of the live stream. 
      liveSts.setEncryptionType(LiveSts.LiveEncryptionType.WideVine_FairPlay);// Required. Set the encryption method to WideVine_FairPlay.  
      liveSts.setRegion("<region of your video>");// Required. The region in which ApsaraVideo VOD is activated, such as cn-shanghai. 
      // Configure the playback source.
      aliPlayer.setDataSource(liveSts);
      // Prepare for playback.
      aliPlayer.prepare();
    2. Check whether the STS token is valid.

      The encryption key may change during the playback of encrypted live streams. When the key is changed, the player sends a request to obtain the latest key from STS. You must check whether the STS token is valid. If the token is invalid, the playback of encrypted live streams is affected.

      mAliyunVodPlayer.setOnVerifyTimeExpireCallback(new AliPlayer.OnVerifyTimeExpireCallback() {
      		@Override
          public AliPlayer.Status onVerifySts(StsInfo info) {
              if (The token can be used){
                  return IPlayer.StsStatus.Valid;
              }
      
              if(A valid STS token can be obtained){
                  Obtain STS();// This operation can be synchronously or asynchronously performed. 
                  return IPlayer.StsStatus.Pending;
              }
              // If the token is invalid and the latest STS token cannot be obtained, we recommend that you stop the playback to prevent screen flickers. 
              mAliyunVodPlayer.stop();
              return IPlayer.StsStatus.Invalid;
          }
      
          @Override
          public AliPlayer.Status onVerifyAuth(VidAuth auth) {
              return AliPlayer.Status.Valid;
          }
      });
      Note

      After you obtain a valid STS token, you must call updateLiveStsInfo to update the STS token. If the token failed to be obtained, we recommend that you stop the playback. If you do not update the STS token, the player uses the expired STS token to obtain the encryption key. If the STS token becomes invalid, the screen may flicker or the playback may fail.

      mAliyunVodPlayer.updateStsInfo(stsInfo);

Use ApsaraVideo Player SDK for iOS

Limits

You can use only ApsaraVideo Player to play DRM-encrypted videos.

Procedure

You can integrate ApsaraVideo Player SDK for iOS into your application. The following content describes how to use ApsaraVideo Player SDK for iOS for playback and provides sample code:

  1. Integrate ApsaraVideo Player SDK for iOS.

    For more information, see Quick integration.

  2. Create a player for playback.

    For more information, see Create a player. In Step 3: Configure a playback source, configure a playback source by using one of the following methods.

    Note

    You must call setFairPlayCertID of AliPlayerGlobalSettings to specify the ID of your FairPlay certificate. You need to call this method only once. To obtain the certificate ID, perform the following steps: Log on to the ApsaraVideo VOD console and choose Configuration Management > Media Processing > DRM Certificates.

     [AliPlayerGlobalSettings setFairPlayCertID:@"Certificate ID obtained in the ApsaraVideo VOD console"];

    Use VidSts to play a DRM-encrypted on-demand video

    Similar to the playback of unencrypted videos, you do not need to set additional parameters if you use VidSts to play on-demand videos encrypted by using DRM.

    AVPVidStsSource *source = [[AVPVidStsSource alloc] init];
    source.region = @"Access region"; // Required. The region in which ApsaraVideo VOD is activated. Default value: cn-shanghai. 
    source.vid = @"Vid"; // Required. The ID of the video. 
    source.securityToken = @"<yourSecurityToken>"; // Required. The STS token. To generate an STS token, call the AssumeRole operation in STS. 
    source.accessKeySecret = @"<yourAccessKeySecret>"; // Required. The AccessKey secret that is generated when the temporary STS token is issued. To generate the AccessKey secret, call the AssumeRole operation in STS. 
    source.accessKeyId = @"<yourAccessKeyId>"; // Required. The AccessKey ID that is generated when the temporary STS token is issued. To generate the AccessKey ID, call the AssumeRole operation in STS. 
    // source.authTimeout = 3600; // Optional. The validity period of the playback URL. Unit: seconds. If you have configured a validity period for signed URLs in the ApsaraVideo VOD console, the configuration of this parameter takes precedence. If you leave this parameter empty, the default value 3600 is used. The validity period must be longer than the actual duration of the video. Otherwise, the playback URL expires before the playback is complete. 
     // Configure the playback source.
     [self.player setStsSource:source]

    Use LiveStsSource to play a DRM-encrypted live stream

    If you use LiveStsSource to play a live stream encrypted by using DRM, you must specify the streaming URL and STS token and set the encryption method to ENCRYPTION_TYPE_FAIRPLAY. Sample code:

    1. Configure a playback source.

      Set AVPLiveStsSource as the playback source.

      // Create the AVPLiveStsSource playback source. You must set encryptionType to ENCRYPTION_TYPE_FAIRPLAY.
      AVPLiveStsSource *liveStsSource = [[AVPLiveStsSource alloc] initWithUrl:@"Streaming URL" 
                                                                  accessKeyId:@"Temporary AccessKey ID" 
                                                                  accessKeySecret:@""Temporary AccessKey secret" 
                                                                  securityToken:@"Security token" 
                                                                  region:@"Region name" 
                                                                  domain:@"Streaming domain" 
                                                                  app:@"Application name" 
                                                                  stream:@"Stream name" 
                                                                  encryptionType:ENCRYPTION_TYPE_FAIRPLAY];// Required. Set the encryption method to ENCRYPTION_TYPE_FAIRPLAY. 
       // Configure the playback source.
       [self.aliPlayer setLiveStsSource:liveStsSource];
       ......
       // Prepare for playback.
       [self.aliPlayer prepare];

    2. Check whether the STS token is valid.

      The encryption key may change during the playback of encrypted live streams. When the key is changed, the player sends a request to obtain the latest key from STS. Check whether the STS token is valid. If the token is invalid, the playback of encrypted live streams is affected.

       __weak typeof(self) weakSelf = self;
      [self.aliPlayer setVerifyStsCallback:^AVPStsStatus(AVPStsInfo info) {
          if (The token can be used) {
              return Valid;
          }
          if(A valid STS token can be obtained){
              Obtain STS();// This operation can be synchronously or asynchronously performed. 
              return Pending;
          }
          [weakSelf.aliPlayer stop];
          return Invalid;
      }];
      Note

      After you obtain a valid STS token, call updateLiveStsInfo to update the STS token. If the token failed to be obtained, we recommend that you stop the playback. If you do not update the STS token, the player uses the expired STS token to obtain the encryption key. If the STS token becomes invalid, the screen may flicker or the playback may fail.

      [self.aliPlayer updateLiveStsInfo:self.liveStsSource.accessKeyId accKey:self.liveStsSource.accessKeySecret token:self.liveStsSource.securityToken region:self.liveStsSource.region];

References

Playback of encrypted videos