- Print
- PDF
Widevine/PlayReady license issuance
- Print
- PDF
An API issued through the One Click Multi DRM product to issue a license.
This guide explains the license issuance API of Widevine and Playready DRM types. We provide FairPlay-type DRM licenses as a FairPlay Streaming license issuance API.
The precautions for issuing licenses are as follows:
- After the site is created, you must activate the site to issue the license.
- Issuance of all licenses through One Click Multi DRM are based on the assumption that the DRM encryption packaging is ready.
- One Click Multi DRM supports the response of binary (ORIGINAL)-type and the JSON-type licenses.
- To use the license issued by One Click Multi DRM, you must request the license through apigw by including the X-DRM-TOKEN headers.
- For the value to include in the X-DRM-TOKEN header, enter the Base64 string value converted from the JSON data.
- Through the X-DRM-TOKEN header, the One Click Multi DRM product checks whether the user has permissions to the content and site and sets the DRM license rules according to the content security policies set in the requested site.
- One Click Multi DRM supports effortless integration with NAVER Cloud's Video Player Enhancement product.
- You must request all licenses through the information of the device for the DRM content playback and player implementation.
- The One Click Multi DRM product confirms the validity of the X-DRM-TOKEN header and issues the license that fits the selected site's settings. If the header value is invalid, the license is not issued.
- You must select the license response type according to the player's license parsing type.
For clients that only support general Multi DRM integration, such as HTML5 Player, the license response is usually supported as ORIGINAL. - The One Click Multi DRM product supports the registration of the FairPlay Streaming certificate. However, it does not support the new certificate issuance function. You must manually issue the FPS certificate from Apple. See the guide for details: FairPlay Streaming certificate issuance
- The One Click Multi DRM product supports INKA Pallycon's token proxy issuance. See the guide for details on operations regarding the token proxy issuance: Pallycon token proxy-based license
- The validity check is not supported for the FairPlay Streaming certificate uploaded to the One Click Multi DRM product.
- At the X-DRM-TOKEN header for the One Click Multi DRM license request, the unique user ID of the user playing the content (user ID managed by the service site or user account using the DRM content) must be included.
- The contentId to include in the X-DRM-TOKEN headers for the One Click Multi DRM license request must be identical to the CID used for the content's DRM packaging. For example, enter value identical to the contentId entered to Live Station's DRM settings.
- If you request the One Click Multi DRM license using Video Player Enhancement, it will be supported only by versions 1.1.1 and later.
Requests
POST https://multi-drm.apigw.ntruss.com/api/v1/license
Request headers
Header name | Requirement status | Description |
---|---|---|
x-ncp-apigw-timestamp | YES | This is the number of milliseconds that have elapsed since January 1, 1970 00:00:00 (UTC) If the time difference compared to the API Gateway server is 5 minutes or longer, then the request is considered invalid x-ncp-apigw-timestamp:{Timestamp} |
x-ncp-iam-access-key | YES | Value of access key ID issued in the NAVER Cloud Platform portalx-ncp-iam-access-key:{Sub Account Access Key} |
x-ncp-apigw-signature-v2 | YES | Signature encrypted with the access key ID value and secret keyx-ncp-apigw-signature-v2:{API Gateway Signature} |
Content-Type | YES | Specifies the request body content type as application/jsonContent-Type: application/json |
x-ncp-region_code | YES | Region code (KR) |
x-drm-token | YES | An encrypted token value including the necessary data for One Click Multi DRM license issuance x-drm-token:{X-DRM-TOKEN} |
X-DRM-TOKEN headers
You must authenticate X-DRM-TOKEN headers to issue the license through the One Click Multi DRM.
For the X-DRM-TOKEN header value, enter the following Base64 string value converted from the JSON data.
- Through the X-DRM-TOKEN header, the One Click Multi DRM product checks whether the user has permissions to the content and site and sets the DRM license rules according to the content security policies set in the requested site.
Field name | Requirement status | Valid value | Description |
---|---|---|---|
siteId | YES | Site ID for license issuance | |
contentId | YES | Unique ID of content for playback Used during DRM packaging (for CPIX API request, the content ID value included in XML Body). You can enter 3 to 100 characters using English letters, numbers, hyphens (-), and underscores (_). | |
drmType | YES | WIDEVINE PLAYREADY FAIRPLAY | DRM type that requests license |
responseFormat | YES | ORIGINAL JSON | Response data type for the license request (default value: ORIGINAL) * ORIGINAL: data response for the requested binary license * JSON: responds in JSON format including the license data and additional information, such as client device ID. Only applicable when using token proxy or client SKD |
userId | Yes | String | Unique user ID of the user that requested the license (user ID managed by the service site or user account playing the DRM content) |
Create X-DRM-TOKEN headers
The following describes how to create X-DRM-TOKEN.
- To request the license, enter the necessary fields, including siteId, contentId, drmType, responseFormat, and userId, in JSON.
# json
{"siteId":"drm-20231115142326-nHyNw","contentId":"my-drm-content-sample","drmType":"WIDEVINE","responseFormat":"original","userId":"d41d8cd98f00b204e9800998ecf8427e"}
- Encode the entered JSON data to Base64 URL.
# Base64 Encrypted String
eyJzaXRlSWQiOiJkcm0tMjAyMzExMTUxNDIzMjYtbkh5TnciLCJjb250ZW50SWQiOiJteS1kcm0tY29udGVudC1zYW1wbGUiLCJkcm1UeXBlIjoiV0lERVZJTkUiLCJyZXNwb25zZUZvcm1hdCI6Im9yaWdpbmFsIiwidXNlcklkIjoiZDQxZDhjZDk4ZjAwYjIwNGU5ODAwOTk4ZWNmODQyN2UifQ==
Be careful not to include spaces or line breaks in JSON during the Base64 encoding process.
Examples
Example of license issuance request including X-DRM-TOKEN header
curl -i -X POST \
-H "x-ncp-apigw-timestamp:1505290625682" \
-H "x-ncp-iam-access-key:D78BB444D6D3C84CA38A" \
-H "x-ncp-apigw-signature-v2:WTPItrmMIfLUk/UyUIyoQbA/z5hq9o3G8eQMolUzTEo=" \
-H "x-ncp-region_code:KR" \
-H "accept: application/json" \
-H "X-DRM-TOKEN: eyJzaXRlSWQiOiJkcm0tMjAyMzExMTUxNDIzMjYtbkh5TnciLCJjb250ZW50SWQiOiJteS1kcm0tY29udGVudC1zYW1wbGUiLCJkcm1UeXBlIjoiV0lERVZJTkUiLCJyZXNwb25zZUZvcm1hdCI6Im9yaWdpbmFsIiwidXNlcklkIjoiZDQxZDhjZDk4ZjAwYjIwNGU5ODAwOTk4ZWNmODQyN2UifQ==" \
'https://multi-drm.apigw.ntruss.com/api/v1/license'
Response
For the ORIGINAL-type license, the response is provided as binary.
For the binary license request, the response example is not provided.
Response to JSON-type license request
Field name | Requirement status | Type | Description |
---|---|---|---|
license | Yes | String | License JSON data |
licenseCreatedTime | Yes | Timestamp | License issuance time |
tokenCreatedTime | Yes | Timestamp | Valid time after passing X-DRM-TOKEN header validity check |
tokenExpireTime | Yes | Timestamp | Valid time of requested X-DRM-TOKEN header |
Response example
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 20 Nov 2023 20:53:32 GMT
Content-Type: application/json;charset=utf-8
Connection: keep-alive
Access-Control-Allow-Origin: *
x-ncp-trace-id: 36c9k60om4p3238cpmc9gm4cj4
{
"license": "080512BF050AB9020803121044E0A85CB19D0441AC6C66B3D6ABBCC218E39FC48D06228E023082010A0282010100B2FB0D937113004C0F805C6C57DE7B266E2B5E2FE12241FF1421ED55DE2C3F73F62891D7587A8ED153F4009D9522C3609A5DC3C4E43891F8F2D7B448B36E8B77AD96DC795795706D4289F8E61FBDF564AB57E5A5EDDB64FC4EA6891C793B3FC615998CB01214D769F5BC9F93DD96D5ACB7E7239F0C3749309C55C41DD889277B28D74ADA5CB9B3F760318B55EE7FB9336283E3792EA360CC3BD32F4FDB49C4D33A5836DE3428B62D027964A989F42AB37E123BE5EFC15285090B2601F09A93AAD66546D8F85820B882A1AA3D320A8759628BB177484A660D54711FDC338DB6119E34B49F927942A343F5AD069C06DBCAF3958F83F796EAC7BF5C860B893D6CB102030100013A08696E6B612E636F6D400248011280030078BF2DF3FF6F3A488B86023BD961B3FCA718DAA38976B74620A560A8524E53C16F064CB7528F174162F331C32AA0E72296DD15BB79CA986B7739A85C7A4AB4B06D8665CDD166C58C1E030D6232AEC7970801125CC59FB988265FFFD38BD04241AAFEBB91F8C933A9E70A3B52F0FBF29306F10A2AF91B30BD3EBE24D7890778898A4999F0F7D28BFFBBD6647B08D93EDEE309C2B4B9E3080F269A1C3DE899FDA800C277EC6D0882365B1C9805D0FF4DBEB2E8BA5C51F86F910F73C1776761B85F88943E44DDCD7ABF797C4A4BE2489D6BE4FAAE4569A435E5D5E3773636EF872706F155B271D6E49D4C750A51614DBBD5D2A0F9B8E352FA91B52EC19593F215BCEB2E8401CCC9757C48793C9AB4904B93C7D326BFFBB5E24CDBF297599FB22724C95C9D40D44455586B188A6D10658BEBE5F6CE812FABB8CA58282B5D28176D5DFF3B358692CC4FC6895A06C0B90A192D65F69AE07415DCEF6E54A677D5C769BA6E9CC24E2B968BC3E6E4D4E099E446D9F7E38740DBB708023E6D35D99F1B10",
"licenseCreatedTime": 1700476438204,
"tokenCreatedTime": 1700476438107,
"tokenExpireTime": 1700477038107
}