1. Home
  2. Content Protection (Legacy)

Content Protection (Legacy)


Legacy warning: no longer supported

This article contains information on our legacy content protection configurations. Read more about our fully supported Content Protection Policy feature to get started.

Use content protection to:

  • Prevent unauthorized websites from embedding your content;
  • Limit your exclusive, premium or confidential content to your target audience only.
Before you get started...

Contact our support team at support@bluebillywig.com to enable our content protection feature. An “exclusive” checkbox will be added to the clip metadata and a designated API key will be created.

1.0 | How it works (in short)

By marking a clip as “exclusive”, the embedcode will be required to include a calculated token. This calculated token is a time based one-time password (TOTP) which expires after a specified “time step window” (by default 1 hour). Invalid tokens will result in an empty player.

To calculate a token, the shared secret of a designated Blue Billywig API key is required. The shared secret itself is not included in the request and is only known to the client and the Blue Billywig platform. This way only authorized websites are able to calculate a token.

FAQ: will my video suddenly stop playing when the time step window expires?

No, after a valid token is calculated, playback will not be affected when the time step window expires. For example: if the time step window is 1 hour (default), viewers will be able to keep playing the video well after the hour passes. As soon as the time step window expires, a new valid token will only need to be calculated again after the page is reloaded.

2.0 | How to pass a calculated token

Pass a calculated token as a parameter on 1) the embedcode ‘src’, 2) the player URL or 3) the Blue Billywig viewpage URL using the following format:

?token={10_digit_token}

Examples (note: the examples below use a dummy clip url and token):

Embedcode

<script type="text/javascript" src="https://yourcompanyname.bbvms.com/p/default/c/1234567.js?token=0123456789 async="true"></script>

Player URL:

https://yourcompanyname.bbvms.com/p/default/c/1234567.html?token=0123456789

View page: 

https://yourcompanyname.bbvms.com/view/default/1234567.html?token=0123456789

3.0 | How to calculate a token

Before you get started...

Contact our support team at support@bluebillywig.com to enable our content protection feature. An “exclusive” checkbox will be added to the clip metadata and a designated API key will be created.

3.1 | Mark a clip as exclusive

Mark a clip as “exclusive” in the mediaclip metadata (learn more about metadata)

3.2 | Calculate a token

  • Use the shared secret of the API key as input
    • Open the details of the designated API key provided by the support team
    • Copy the shared secret:
      >
      >
      Caution

      API keys offer access to your data. Keep your API keys secure by not sharing your credentials in GitHub repositories or client-side code.

    • Use the current time as timestamp;
    • Set the time step window as provided by our support team. By default 3600 (1 hour);
    • Use the clip id as “salt”;
    • Create a 10 digit token.

4.0 | Code examples

4.1 | PHP

The following example uses a PHP class for HMAC Based One Time Passwords (https://github.com/Jakobo/hotp-php). The HOTP:generateByTime() function is used with the API secret concatenated with the clip id as input to calculate a hash based or 10 digit token with a 3600 time step window.

PHP code example
<?php 
include_once("hotp.class.php"); 

$sharedSecret='shared secret not displayed here'; // API key secret 
$clipId='1234567' // dummy media clip id
$sharedSecret .= $clipId; // clip id is used as “salt" 
$expire = 3600; 

$result=HOTP::generateByTime($sharedSecret,$expire,time()); 
echo $result->toString();

4.2 | Node.js

The following example uses the speakeasy package. The generateRpcToken() function is used with the API secret concatenated with the clip id as input to calculate a 10 digit token with a 3600 time step window:

Node.js code example
const speakeasy = require("speakeasy");

let SHARED_SECRET = "shared secret not displayed here"; // API key secret
const clipID = "1234567"; // dummy media clip id
SHARED_SECRET += clipID; // clip id is used as “salt"

const token = speakeasy.totp({
   secret: SHARED_SECRET, 
   digits: 10,
   step: 3600,
});

console.log(token);

Was this article helpful?

Contact Support
Can't find the answer you're looking for?
Contact Support