Use content protection to:
- Prevent unauthorized websites from embedding your content;
- Limit your exclusive, premium or confidential content to your target audience only.
1.0 | How it works (in short)
By marking a clip as “exclusive”, the embedcode will be required to include a calculated token. This calculated token is a time based one-time password (TOTP) which expires after a specified “time step window” (by default 1 hour). Invalid tokens will result in an empty player.
To calculate a token, the shared secret of a designated Blue Billywig API key is required. The shared secret itself is not included in the request and is only known to the client and the Blue Billywig platform. This way only authorized websites are able to calculate a token.
2.0 | How to pass a calculated token
Pass a calculated token as a parameter on 1) the embedcode ‘src’, 2) the player URL or 3) the Blue Billywig viewpage URL using the following format:
?token={10_digit_token}
Examples (note: the examples below use a dummy clip url and token):
Embedcode
<script type="text/javascript" src="https://yourcompanyname.bbvms.com/p/default/c/1234567.js?token=0123456789 async="true"></script>
Player URL:
https://yourcompanyname.bbvms.com/p/default/c/1234567.html?token=0123456789
View page:
https://yourcompanyname.bbvms.com/view/default/1234567.html?token=0123456789
3.0 | How to calculate a token
3.1 | Mark a clip as exclusive
Mark a clip as “exclusive” in the mediaclip metadata (learn more about metadata)
3.2 | Calculate a token
- Use the shared secret of the API key as input
- Open the details of the designated API key provided by the support team
- Copy the shared secret:
>
>
- Use the current time as timestamp;
- Set the time step window as provided by our support team. By default 3600 (1 hour);
- Use the clip id as “salt”;
- Create a 10 digit token.
4.0 | Code examples
4.1 | PHP
The following example uses a PHP class for HMAC Based One Time Passwords (https://github.com/Jakobo/hotp-php). The HOTP:generateByTime() function is used with the API secret concatenated with the clip id as input to calculate a hash based or 10 digit token with a 3600 time step window.
<?php include_once("hotp.class.php"); $sharedSecret='shared secret not displayed here'; // API key secret $clipId='1234567' // dummy media clip id $sharedSecret .= $clipId; // clip id is used as “salt" $expire = 3600; $result=HOTP::generateByTime($sharedSecret,$expire,time()); echo $result->toString();
4.2 | Node.js
The following example uses the speakeasy package. The generateRpcToken() function is used with the API secret concatenated with the clip id as input to calculate a 10 digit token with a 3600 time step window:
const speakeasy = require("speakeasy"); let SHARED_SECRET = "shared secret not displayed here"; // API key secret const clipID = "1234567"; // dummy media clip id SHARED_SECRET += clipID; // clip id is used as “salt" const token = speakeasy.totp({ secret: SHARED_SECRET, digits: 10, step: 3600, }); console.log(token);