segmented_content_protection
Version: v2025-01-13 | Includes use: Yes |
|---|
Behavior name: Segmented Media Protection
Validates authorization tokens at the edge server to prevent unauthorized link sharing.
Default behavior
These samples reflect the behavior's default settings. You can use these as is in your configurations or make adjustments based on the behavior's available options.
data "akamai_property_rules_builder" "segmented_content_protection" {
rules_v2025_02_18 {
name = "Segmented Media Protection"
comments = "Validates authorization tokens at the edge server to prevent unauthorized link sharing."
behavior {
segmented_content_protection {
enabled = true,
key = "",
use_advanced = false
enable_token_in_uri = false
enable=_toke_in_query_string = false
hls_media_encryption = false
dash_media_encryption = false
}
}
}
}
"behaviors": [
{
"name": "segmentedContentProtection",
"options": {
"enabled": true,
"key": "",
"useAdvanced": false,
"enableTokenInURI": false,
"enableTokenInQueryString": false,
"hlsMediaEncryption": false,
"dashMediaEncryption": false
}
}
]
Options
| Option | Description |
|---|---|
enabled |
Enables the segmented content protection behavior.
|
key |
Specifies the encryption key to use as a shared secret to validate tokens.
|
use_advanced |
Allows you to specify advanced
transition_key and salt options.
|
transition_key |
Alternate encryption keys that let you to rotate keys with no down time.
|
salt |
Specifies a salt as input into the token for added security. This value needs to match the salt used in the token generation code.
|
header_for_salt |
This allows you to include additional salt properties specific to each end user to strengthen the relationship between the session token and playback session. This specifies the set of request headers whose values generate the salt value, typically
User-Agent, X-Playback-Session-Id, and Origin. Any specified header needs to appear in the player's request.
|
session_id |
Enabling this option carries the
session_id value from the access token over to the session token, for use in tracking and counting unique playback sessions.
|
data_payload |
Enabling this option carries the
data/payload field from the access token over to the session token, allowing access to opaque data for log analysis for a URL protected by a session token.
|
ip |
Enabling this restricts content access to a specific IP address, only appropriate if it does not change during the playback session.
|
acl |
Enabling this option carries the
ACL field from the access token over to the session token, to limit the requesting client's access to the specific URL or path set in the ACL field. Playback may fail if the base path of the master playlist (and variant playlist, plus segments) varies from that of the ACL field.
|
enable_token_in_uri |
When enabled, passes tokens in HLS variant manifest URLs and HLS segment URLs, as an alternative to cookies.
|
hls_master_manifest_files |
Specifies the set of filenames that form HLS master manifest URLs. You can use
* wildcard character that matches zero or more characters. Make sure to specify master manifest filenames uniquely, to distinguish them from variant manifest files.
|
enable_token_in_query_string |
When enabled, in the DASH media encryption variant, passes tokens in query strings, as an alternative to cookies.
|
token_revocation_enabled |
Enable this to deny requests from playback URLs that contain a
TokenAuth token that uses specific token identifiers.
|
revoked_list_id |
Identifies the
TokenAuth tokens to block from accessing your content.
|
hls_media_encryption |
Enables HLS Segment Encryption.
|
dash_media_encryption |
Whether to enable DASH Media Encryption.
|
Updated about 1 hour ago