Skip to main content
All CollectionsFrequently Asked Questions
How to protect a live signal by using tokens - Closed Access
How to protect a live signal by using tokens - Closed Access

This article describes how to generate an access token for the security of a media or live stream.

Miguel Giraldo avatar
Written by Miguel Giraldo
Updated over 3 years ago

Mediastream allows you to add a layer of security in your Live Streaming through the use of Token, here we will explain how to generate the tokens and how they have to be included in the Mediastream iframe that later can be added to the website you want.

The documentation for the process of generating a token via API can be found in the following link: https://platform.mediastre.am/developer/docs/api

Platform configuration

First you must check the module "Access Restrictions" option "Closed Access". In this way, it would already be configured from Platform to receive the generated access token.

When checking the "Closed Access" option, the publication points will change, so it must be modified from the encoder.

Token creation

To generate the access token, the API must be called and then the access token must be included in the iframe or embed as described below:

1. A POST call to the API must be generated with the following structure:

  • Endpoint:

https://platform.mediastre.am/api/access/issueid=5f6b6dc7xxxxxxxx&type=live&token=6b8722ce599xxx

Description querystring parameters that are mandatory:

  • id: corresponds to the live id.

  • type: indicates whether it is a media or a live.

  • token: corresponds to the token generated from Platform with write and read permissions.

You can also enter the following optional parameters:

  • ip: playback will occur only if the user's public IP address matches this value.

  • user_agent: will be played only if the user's user_agent matches this value.

  • time_limit: playback will be allowed only for the seconds indicated in this field, after the token has been issued.

It is important that API calls to generate tokens are made by the backend and not by the front end. If Mediastream finds token generation code on the front end of its clients it will deactivate the corresponding API tokens for security reasons.

2. Executing this querystring returns the following:

  • status: Ok in case the query succeeds.

  • message: reporting that the access token was generated.

  • access_token: contains the generated token to be used.

Token usage:

The generated access token is used as follows:

  • For iframe (html5):

  • In case of using only the Playlist:

  • In case of using only the embed:


If you have any related questions feel free to write us through the chat.

Atte. Mediastream team

Did this answer your question?