MENU
      Widevine/PlayReady license issuance
        • PDF

        Widevine/PlayReady license issuance

        • PDF

        Article summary

        An API issued through the One Click Multi DRM product to issue a license.
        This guide explains the license issuance API of Widevine and Playready DRM types. We provide FairPlay-type DRM licenses as a FairPlay Streaming license issuance API.

        Note

        The precautions for issuing licenses are as follows:

        • After the site is created, you must activate the site to issue the license.
        • Issuance of all licenses through One Click Multi DRM are based on the assumption that the DRM encryption packaging is ready.
        • One Click Multi DRM supports the response of binary (ORIGINAL)-type and the JSON-type licenses.
        • To use the license issued by One Click Multi DRM, you must request the license through apigw by including the X-DRM-TOKEN headers.
        • For the value to include in the X-DRM-TOKEN header, enter the Base64 string value converted from the JSON data.
        • Through the X-DRM-TOKEN header, the One Click Multi DRM product checks whether the user has permissions to the content and site and sets the DRM license rules according to the content security policies set in the requested site.
        • One Click Multi DRM supports effortless integration with NAVER Cloud's Video Player Enhancement product.
        • You must request all licenses through the information of the device for the DRM content playback and player implementation.
        Caution
        • The One Click Multi DRM product confirms the validity of the X-DRM-TOKEN header and issues the license that fits the selected site's settings. If the header value is invalid, the license is not issued.
        • You must select the license response type according to the player's license parsing type.
          For clients that only support general Multi DRM integration, such as HTML5 Player, the license response is usually supported as ORIGINAL.
        • The One Click Multi DRM product supports the registration of the FairPlay Streaming certificate. However, it does not support the new certificate issuance function. You must manually issue the FPS certificate from Apple. See the guide for details: FairPlay Streaming certificate issuance
        • The One Click Multi DRM product supports INKA Pallycon's token proxy issuance. See the guide for details on operations regarding the token proxy issuance: Pallycon token proxy-based license
        • The validity check is not supported for the FairPlay Streaming certificate uploaded to the One Click Multi DRM product.
        • At the X-DRM-TOKEN header for the One Click Multi DRM license request, the unique user ID of the user playing the content (user ID managed by the service site or user account using the DRM content) must be included.
        • The contentId to include in the X-DRM-TOKEN headers for the One Click Multi DRM license request must be identical to the CID used for the content's DRM packaging. For example, enter value identical to the contentId entered to Live Station's DRM settings.
        • If you request the One Click Multi DRM license using Video Player Enhancement, it will be supported only by versions 1.1.1 and later.

        Requests

        POST https://multi-drm.apigw.ntruss.com/api/v1/license
        HTTP

        Request headers

        Header nameRequirement statusDescription
        x-ncp-apigw-timestampYESThis is the number of milliseconds that have elapsed since January 1, 1970 00:00:00 (UTC)
        If the time difference compared to the API Gateway server is 5 minutes or longer, then the request is considered invalid
        x-ncp-apigw-timestamp:{Timestamp}
        x-ncp-iam-access-keyYESValue of access key ID issued in the NAVER Cloud Platform portal
        x-ncp-iam-access-key:{Sub Account Access Key}
        x-ncp-apigw-signature-v2YESSignature encrypted with the access key ID value and secret key
        x-ncp-apigw-signature-v2:{API Gateway Signature}
        Content-TypeYESSpecifies the request body content type as application/json
        Content-Type: application/json
        x-ncp-region_codeYESRegion code (KR)
        x-drm-tokenYESAn encrypted token value including the necessary data for One Click Multi DRM license issuance
        x-drm-token:{X-DRM-TOKEN}

        X-DRM-TOKEN headers

        You must authenticate X-DRM-TOKEN headers to issue the license through the One Click Multi DRM.
        For the X-DRM-TOKEN header value, enter the following Base64 string value converted from the JSON data.

        • Through the X-DRM-TOKEN header, the One Click Multi DRM product checks whether the user has permissions to the content and site and sets the DRM license rules according to the content security policies set in the requested site.
        Field nameRequirement statusValid valueDescription
        siteIdYESSite ID for license issuance
        contentIdYESUnique ID of content for playback
        Used during DRM packaging (for CPIX API request, the content ID value included in XML Body). You can enter 3 to 100 characters using English letters, numbers, hyphens (-), and underscores (_).
        drmTypeYESWIDEVINE
        PLAYREADY
        FAIRPLAY
        DRM type that requests license
        responseFormatYESORIGINAL
        JSON
        Response data type for the license request (default value: ORIGINAL)
        * ORIGINAL: data response for the requested binary license
        * JSON: responds in JSON format including the license data and additional information, such as client device ID. Only applicable when using token proxy or client SKD
        userIdYesStringUnique user ID of the user that requested the license (user ID managed by the service site or user account playing the DRM content)

        Create X-DRM-TOKEN headers

        The following describes how to create X-DRM-TOKEN.

        1. To request the license, enter the necessary fields, including siteId, contentId, drmType, responseFormat, and userId, in JSON.
        # json
        {"siteId":"drm-20231115142326-nHyNw","contentId":"my-drm-content-sample","drmType":"WIDEVINE","responseFormat":"original","userId":"d41d8cd98f00b204e9800998ecf8427e"}
        Plain text
        1. Encode the entered JSON data to Base64 URL.
        # Base64 Encrypted String
        eyJzaXRlSWQiOiJkcm0tMjAyMzExMTUxNDIzMjYtbkh5TnciLCJjb250ZW50SWQiOiJteS1kcm0tY29udGVudC1zYW1wbGUiLCJkcm1UeXBlIjoiV0lERVZJTkUiLCJyZXNwb25zZUZvcm1hdCI6Im9yaWdpbmFsIiwidXNlcklkIjoiZDQxZDhjZDk4ZjAwYjIwNGU5ODAwOTk4ZWNmODQyN2UifQ==
        Plain text
        Caution

        Be careful not to include spaces or line breaks in JSON during the Base64 encoding process.

        Examples

        Example of license issuance request including X-DRM-TOKEN header

        curl -i -X POST \
           -H "x-ncp-apigw-timestamp:1505290625682" \
           -H "x-ncp-iam-access-key:D78BB444D6D3C84CA38A" \
           -H "x-ncp-apigw-signature-v2:WTPItrmMIfLUk/UyUIyoQbA/z5hq9o3G8eQMolUzTEo=" \
           -H "x-ncp-region_code:KR" \
           -H "accept: application/json" \
           -H "X-DRM-TOKEN: eyJzaXRlSWQiOiJkcm0tMjAyMzExMTUxNDIzMjYtbkh5TnciLCJjb250ZW50SWQiOiJteS1kcm0tY29udGVudC1zYW1wbGUiLCJkcm1UeXBlIjoiV0lERVZJTkUiLCJyZXNwb25zZUZvcm1hdCI6Im9yaWdpbmFsIiwidXNlcklkIjoiZDQxZDhjZDk4ZjAwYjIwNGU5ODAwOTk4ZWNmODQyN2UifQ==" \
        'https://multi-drm.apigw.ntruss.com/api/v1/license'
        Plain text

        Response

        Note

        For the ORIGINAL-type license, the response is provided as binary.
        For the binary license request, the response example is not provided.

        Response to JSON-type license request

        Field nameRequirement statusTypeDescription
        licenseYesStringLicense JSON data
        licenseCreatedTimeYesTimestampLicense issuance time
        tokenCreatedTimeYesTimestampValid time after passing X-DRM-TOKEN header validity check
        tokenExpireTimeYesTimestampValid time of requested X-DRM-TOKEN header

        Response example

        HTTP/1.1 200 OK
        Server: nginx
        Date: Fri, 20 Nov 2023 20:53:32 GMT
        Content-Type: application/json;charset=utf-8
        Connection: keep-alive
        Access-Control-Allow-Origin: *
        x-ncp-trace-id: 36c9k60om4p3238cpmc9gm4cj4
        
        {
          "license": "080512BF050AB9020803121044E0A85CB19D0441AC6C66B3D6ABBCC218E39FC48D06228E023082010A0282010100B2FB0D937113004C0F805C6C57DE7B266E2B5E2FE12241FF1421ED55DE2C3F73F62891D7587A8ED153F4009D9522C3609A5DC3C4E43891F8F2D7B448B36E8B77AD96DC795795706D4289F8E61FBDF564AB57E5A5EDDB64FC4EA6891C793B3FC615998CB01214D769F5BC9F93DD96D5ACB7E7239F0C3749309C55C41DD889277B28D74ADA5CB9B3F760318B55EE7FB9336283E3792EA360CC3BD32F4FDB49C4D33A5836DE3428B62D027964A989F42AB37E123BE5EFC15285090B2601F09A93AAD66546D8F85820B882A1AA3D320A8759628BB177484A660D54711FDC338DB6119E34B49F927942A343F5AD069C06DBCAF3958F83F796EAC7BF5C860B893D6CB102030100013A08696E6B612E636F6D400248011280030078BF2DF3FF6F3A488B86023BD961B3FCA718DAA38976B74620A560A8524E53C16F064CB7528F174162F331C32AA0E72296DD15BB79CA986B7739A85C7A4AB4B06D8665CDD166C58C1E030D6232AEC7970801125CC59FB988265FFFD38BD04241AAFEBB91F8C933A9E70A3B52F0FBF29306F10A2AF91B30BD3EBE24D7890778898A4999F0F7D28BFFBBD6647B08D93EDEE309C2B4B9E3080F269A1C3DE899FDA800C277EC6D0882365B1C9805D0FF4DBEB2E8BA5C51F86F910F73C1776761B85F88943E44DDCD7ABF797C4A4BE2489D6BE4FAAE4569A435E5D5E3773636EF872706F155B271D6E49D4C750A51614DBBD5D2A0F9B8E352FA91B52EC19593F215BCEB2E8401CCC9757C48793C9AB4904B93C7D326BFFBB5E24CDBF297599FB22724C95C9D40D44455586B188A6D10658BEBE5F6CE812FABB8CA58282B5D28176D5DFF3B358692CC4FC6895A06C0B90A192D65F69AE07415DCEF6E54A677D5C769BA6E9CC24E2B968BC3E6E4D4E099E446D9F7E38740DBB708023E6D35D99F1B10",
          "licenseCreatedTime": 1700476438204,
          "tokenCreatedTime": 1700476438107,
          "tokenExpireTime": 1700477038107
        }
        HTTP

        Was this article helpful?

        Changing your password will log you out immediately. Use the new password to log back in.
        First name must have atleast 2 characters. Numbers and special characters are not allowed.
        Last name must have atleast 1 characters. Numbers and special characters are not allowed.
        Enter a valid email
        Enter a valid password
        Your profile has been successfully updated.