Some content is only meant for specific audiences. Use content protection to:
- Prevent unauthorized websites from embedding your content;
- Limit your exclusive, premium or confidential content to your target audience only.
In this article, we’ll guide you through creating and applying content protection policies to your content.
Currently, content protection policies can only mediaclips be applied to mediaclips.
1.0 | What is a Content Protection Policy?
A policy can consist of one or more of the following types of rules:
- Country: specify which countries are allowed or blocked from viewing your content.
- Domain: choose which websites (URLs) are allowed or blocked to play your content.
- IP: restrict video access to specific IP addresses.
- Token: use tokens to provide advanced access control. Tokens are useful when you need more granular control. In contrast to a country, domain or IP policy, the backend of your website/application needs to be able to “generate” a valid token. Read more about generating tokens in the last section of this article (see 5.0 | Advanced – Using Token Secrets).
2.0 | Create a Content Protection Policy
To create a Content Protection policy:
- In the OVP, click “Publication Settings” in the left menu panel;
- Select “Content Protection” and add a new Content Protection Policy;
…
…
- Name your policy and enter a description. This helps keep track of what the policy is for. The provided name and description will appear throughout the OVP.
2.1 | Create a Rule Set
A rule set determines under what conditions viewers are allowed to watch your content:
- Select a type:
- Country
- Domain
- IP
- Token (advanced use only; to create a rule set for a token, you will need to create a ‘secret’ first: see 5.0 Advanced – Using Token Secrets)
- Configure a rule by using “is” or “is not” statements :
- Is / is any of: use to allow one or more countries, domains, or IPs addresses
- Is not / is none of: use to exclude one or more countries, domains, or IP addresses.
…
Example 1: only allow views from Spain:
…
…
Example 2: only allow views from www.my-exclusive-channel.com:
…
…
Example 3: allow views from all countries except from Poland and US:
…
…
- Combine multiple rules using “and” and “or” conditions:
- And: use to ensure all conditions are met before allowing content to be viewed.
- Or: use to ensure only one condition needs to be true.
…
Example 1: only allow views if the visit is from France and if the visit is on www.my-daily-news.fr.
…
…
Example 2: allow views if the visit is from France or if the visitor’s IP address is 12.2345.678.910.
…
2.2 | Blocked Content Display
Choose what viewers see when your content protection policy blocks content:
- Show content, but prevent it from playing
…
…
…
- Don’t show content (the background color set in the playout settings will be shown):
…
3.0 | Apply a Content Protection Policy
To apply a Content Protection Policy:
- In the OVP, click “Media Library” in the left menu panel;
- Select “Media clips” and open the “Content Protection” tab;
……
…
- Select a Content Protection Policy in the dropdown menu
The name, description and rules defined in the policy are displayed as a helpful reminder of the content protection settings. Use the shortcut to the policy settings if adjustments are needed.
…
4.0 | Test Your Content Protection Policy
Embed your clip to test your policy settings. If the conditions are not met, a rejection is displayed in the player (as set in 3.0 | Apply a Content Protection Policy).
4.1 | Country
4.2 | Domain
4.3 | IP Address
4.4 | Token
5.0 | Advanced – Using Token Secrets
For advanced use cases, use tokens to authenticate viewers from accessing your content. This allows for more granular access control.
When using token protection, content can only be accessed when the website or your application is able to generate a token. To calculate a token, a shared secret of a Blue Billywig API “Secret” is required.
The shared secret itself is not included in the request and is therefore only known to the client and the Blue Billywig platform. This way only authorized websites are able to calculate a token.
5.1 | Create a token
To create a token:
- In the OVP, click “Publication Settings” in the left menu panel;
- Select “Secrets” and click “Create new content protection token”
- Enter a name and description.
…
…
- Set the token’s expiration duration to specify how long the token remains valid. After the expiration duration expires, the token becomes invalid and a new token needs to be generated.
- After saving your settings, a shared secret will become available:
…
…
Once created, the token will be available as an option when configuring a Token rule in your Content Protection policy.
…
…
Two types of tokens are supported:
- Time-based One-Time Passwords (TOTP; also referred to as RPC tokens)
- JSON Web Tokens (JWT)
5.2 | TOTP Token
Authenticating a request using a TOTP token requires two elements:
1) The ID of the Secret
2) The generated token itself.
The ID refers to the ID of the secret generated by the OVP:
…
…
The generated token must be generated with a time-step duration that is the same as the expiration time of the secret in the OVP in seconds.
Append the generated token to the ID, separated by a hyphen:
{ID}-{GENERATED_TOKEN}
Include the entire string in the “rpctoken” header or the “rpctoken” query parameter.
Example of TOTP token in the embedcode query parameter:
<script type="text/javascript" src="https://yourcompanyname.bbvms.com/p/default/c/1234567.js?rpctoken=123-0123456789" async="true"></script>
5.3 | JW Token
When authenticating a request using a JW token, sign the payload with the shared secret.
The calculated JWT can be provided by including it in the “Authorization” header as a “Bearer” token (i.e. ‘Bearer <token>’) of the content request. It can also be provided using the “jwt” header or the “jwt” query parameter.
Example of JWT in the embedcode query parameter:
<script type="text/javascript" src="https://yourcompanyname.bbvms.com/p/default/c/1234567.js?jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c" async="true"></script>