Use content protection to:
- Prevent unauthorized websites from embedding your content;
- Limit your exclusive, premium or confidential content to your target audience only.
Contact our support team at support@bluebillywig.com to enable our content protection feature. An “exclusive” checkbox will be added to the clip metadata and a designated API key will be created.
1.0 | How it works (in short)
By marking a clip as “exclusive”, the embedcode will be required to include a calculated token. This calculated token is a time based one-time password (TOTP) which expires after a specified “time step window” (by default 1 hour). Invalid tokens will result in an empty player.
To calculate a token, the shared secret of a designated Blue Billywig API key is required. The shared secret itself is not included in the request and is only known to the client and the Blue Billywig platform. This way only authorized websites are able to calculate a token.
No, after a valid token is calculated, playback will not be affected when the time step window expires. For example: if the time step window is 1 hour (default), viewers will be able to keep playing the video well after the hour passes. As soon as the time step window expires, a new valid token will only need to be calculated again after the page is reloaded.
2.0 | How to pass a calculated token
Pass a calculated token as a parameter on 1) the embedcode ‘src’, 2) the player URL or 3) the Blue Billywig viewpage URL using the following format:
?token={10_digit_token}Examples (note: the examples below use a dummy clip url and token):
Embedcode
<script type="text/javascript" src="https://yourcompanyname.bbvms.com/p/default/c/1234567.js?token=0123456789 async="true"></script>Player URL:
https://yourcompanyname.bbvms.com/p/default/c/1234567.html?token=0123456789View page:
https://yourcompanyname.bbvms.com/view/default/1234567.html?token=01234567893.0 | How to calculate a token
Contact our support team at support@bluebillywig.com to enable our content protection feature. An “exclusive” checkbox will be added to the clip metadata and a designated API key will be created.
3.1 | Mark a clip as exclusive
Mark a clip as “exclusive” in the mediaclip metadata (learn more about metadata)
3.2 | Calculate a token
- Use the shared secret of the API key as input
- Open the details of the designated API key provided by the support team
- Copy the shared secret:
>
>CautionAPI keys offer access to your data. Keep your API keys secure by not sharing your credentials in GitHub repositories or client-side code.
- Use the current time as timestamp;
- Set the time step window as provided by our support team. By default 3600 (1 hour);
- Use the clip id as “salt”;
- Create a 10 digit token.
4.0 | Code examples
4.1 | PHP
The following example uses a PHP class for HMAC Based One Time Passwords (https://github.com/Jakobo/hotp-php). The HOTP:generateByTime() function is used with the API secret concatenated with the clip id as input to calculate a hash based or 10 digit token with a 3600 time step window.
<?php
include_once("hotp.class.php");
$sharedSecret='shared secret not displayed here'; // API key secret
$clipId='1234567' // dummy media clip id
$sharedSecret .= $clipId; // clip id is used as “salt"
$expire = 3600;
$result=HOTP::generateByTime($sharedSecret,$expire,time());
echo $result->toString();4.2 | Node.js
The following example uses the speakeasy package. The generateRpcToken() function is used with the API secret concatenated with the clip id as input to calculate a 10 digit token with a 3600 time step window:
const speakeasy = require("speakeasy");
let SHARED_SECRET = "shared secret not displayed here"; // API key secret
const clipID = "1234567"; // dummy media clip id
SHARED_SECRET += clipID; // clip id is used as “salt"
const token = speakeasy.totp({
secret: SHARED_SECRET,
digits: 10,
step: 3600,
});
console.log(token);