GuideReference
Reference

segmented_​content_​protection

  • Property Manager name: Segmented Media Protection
  • Behavior version: The v2023-01-05 rule format supports the segmented_​content_​protection behavior v2.0.
  • Rule format status: GA, stable
  • Access: Read/Write
  • Allowed in includes: Yes

Validates authorization tokens at the edge server to prevent unauthorized link sharing.

OptionTypeDescriptionRequires
enabledboolean

Enables the segmented content protection behavior.

{"displayType":"boolean","tag":"input","type":"checkbox"}
keyobject array

Specifies the encryption key to use as a shared secret to validate tokens.

{"displayType":"object array","tag":"input","todo":true}
{"if":{"attribute":"enabled","op":"eq","value":true}}
use_​advancedboolean

Allows you to specify advanced transition_​key and salt options.

{"displayType":"boolean","tag":"input","type":"checkbox"}
{"if":{"attribute":"enabled","op":"eq","value":true}}
transition_​keyobject array

An alternate encryption key to match along with the key field, allowing you to rotate keys with no down time.

use_​advanced is true
{"displayType":"object array","tag":"input","todo":true}
{"if":{"attribute":"useAdvanced","op":"eq","value":true}}
saltobject array

Specifies a salt as input into the token for added security. This value needs to match the salt used in the token generation code.

use_​advanced is true
{"displayType":"object array","tag":"input","todo":true}
{"if":{"attribute":"useAdvanced","op":"eq","value":true}}
header_​for_​saltstring array

This allows you to include additional salt properties specific to each end user to strengthen the relationship between the session token and playback session. This specifies the set of request headers whose values generate the salt value, typically User-Agent, X-Playback-Session-Id, and Origin. Any specified header needs to appear in the player's request.

use_​advanced is true
{"displayType":"string array","tag":"input","todo":true}
{"if":{"attribute":"useAdvanced","op":"eq","value":true}}
session_​idboolean

Enabling this option carries the session_id value from the access token over to the session token, for use in tracking and counting unique playback sessions.

use_​advanced is true
{"displayType":"boolean","tag":"input","type":"checkbox"}
{"if":{"attribute":"useAdvanced","op":"eq","value":true}}
data_​payloadboolean

Enabling this option carries the data/payload field from the access token over to the session token, allowing access to opaque data for log analysis for a URL protected by a session token.

use_​advanced is true
{"displayType":"boolean","tag":"input","type":"checkbox"}
{"if":{"attribute":"useAdvanced","op":"eq","value":true}}
ipboolean

Enabling this restricts content access to a specific IP address, only appropriate if it does not change during the playback session.

use_​advanced is true
{"displayType":"boolean","tag":"input","type":"checkbox"}
{"if":{"attribute":"useAdvanced","op":"eq","value":true}}
aclboolean

Enabling this option carries the ACL field from the access token over to the session token, to limit the requesting client's access to the specific URL or path set in the ACL field. Playback may fail if the base path of the master playlist (and variant playlist, plus segments) varies from that of the ACL field.

use_​advanced is true
{"displayType":"boolean","tag":"input","type":"checkbox"}
{"if":{"attribute":"useAdvanced","op":"eq","value":true}}
enable_​token_​in_​uriboolean

When enabled, passes tokens in HLS variant manifest URLs and HLS segment URLs, as an alternative to cookies.

{"displayType":"boolean","tag":"input","type":"checkbox"}
{"if":{"attribute":"enabled","op":"eq","value":true}}
hls_​master_​manifest_​filesstring array

Specifies the set of filenames that form HLS master manifest URLs. You can use * wildcard characters, but make sure to specify master manifest filenames uniquely, to distinguish them from variant manifest files.

enable_​token_​in_​uri is true
{"displayType":"string array","tag":"input","todo":true}
{"if":{"attribute":"enableTokenInURI","op":"eq","value":true}}
token_​revocation_​enabledboolean

Enable this to deny requests from playback URLs that contain a Token​Auth token that uses specific token identifiers.

{"displayType":"boolean","tag":"input","type":"checkbox"}
{"if":{"op":"and","params":[{"attribute":"enabled","op":"eq","value":true},{"attribute":"modulesOnContract","op":"contains","scope":"global","value":"AccessRevocation"}]}}
revoked_​list_​idstring

Identifies the Token​Auth tokens to block from accessing your content.

token_​revocation_​enabled is true
{"displayType":"string","tag":"input","type":"text"}
{"if":{"attribute":"tokenRevocationEnabled","op":"eq","value":true}}
hls_​media_​encryptionboolean

Enables HLS Segment Encryption.

{"displayType":"boolean","tag":"input","type":"checkbox"}
dash_​media_​encryptionboolean

Whether to enable DASH Media Encryption.

{"displayType":"boolean","tag":"input","type":"checkbox"}