Overview

Signed URLs #

Review the "[Secure Your Stream](https://developers.cloudflare.com/stream/viewing-videos/securing-your-stream/#option-2-generating-signed-tokens-without-calling-the-token-endpoint)" page in Cloudflare Stream Developer Docs for full info.

Signed URLs are authenticated URLs to play protected videos. They are one-off links generated within your own application using a signing key you can get from Stream.

Overview # 

  sequenceDiagram

  actor Admin
  actor User
  participant Worker as Worker/Server
  participant Stream

  Admin ->> Stream: Upload video
  Admin ->> Stream: Require Signed URL on video
  Admin ->> Stream: Request signing key
  Stream -->> Admin: Generate and return signing key

  Admin ->> Worker: Create App/Worker with signing key

  User ->>+ Worker: Request video
  Worker ->> Worker: Confirm access
  Worker -->>- User: Generate and return signed URL
  User ->> Stream: Fetch content with specific URL
  Stream -->> User: Allow video playback

Storing the signing key in a Worker and creating signed URLs there eliminates the need to make Cloudflare API calls each time and also prevents leaking the signing key (or API tokens) to an end-user’s computer.

Demo #

This video should not load:

The video at https://customer-igynxd2rwhmuoxw8.cloudflarestream.com/ce800be43a9772f4bb02f35b860fb516/iframe requires signed URLs to be viewed. Replacing that video ID in the URL with a signed URL token will make it playable.

This form can send a Video ID to a Worker that will generate a signed URL for a video using my signing key. Give it a try.

Video ID:

Worker Results:


    

  

  



Read the code. It’s a “Pages Function,” but it’s just a Worker script within
this repository.



 
      

      

        
  



  

      
      August 7, 2024
    
  










  


 
        

  Scribbled by TSmith
  for Stream.
  Be sure to check out the official documentation
  first.