Wowza Live Cam Secure Expired Token

Hits: 5599  
Wowza Live Cam Secure Expired Token
Wowza Live Cam Secure Expired Token

// Encrypt original stream URL http://wowza-server:port/stream/playlist.m3u8
$base64ized = encryptDecrypt($secret_key, $streamURL, 0);

// Decrypt stream URL
$streamURL = encryptDecrypt($secret_key, $base64ized, 1);


// Expire stream URL after time interval & check secure token
if (($current – $timestamp) <= $expired && ($checkhash == $hash)) { include("m3u8.php"); } m3u8.php

header(“content-type: application/”);
echo file_get_contents(“http://wowza-server:port/stream/playlist.m3u8”);

Compile or build flowplayer or jwplayer to create secure token for wowza server

Hits: 10317  

I think you already read our last article for wowza mediasecurity addon package

There are 2 methods to put secure token for video players like flowplayer or jwplayer…

1. Token inside javascript code (shared secret)
2. Token inside flowplayer or jwplayer source code (compile the token inside the plugin)

The shared secret known by the server and the client only. If you really want to keep this secret you need to follow 2nd option 😉

We need to install following software in order to work on Flowplayer Flash plugins:

Flex SDK

Java Development Kit (JDK) & Apache Ant

Flow Player

You can find all steps to compile Flow Player with secure plugin here


# you need to adjust following to point to your Flex SDK

# change following to point to .exe files when running on Windows
mxmlc_bin= D:/flex_sdk/bin/mxmlc.exe
compc_bin= D:/flex_sdk/bin/compc.exe
asdoc_bin= D:/flex_sdk/bin/asdoc.exe



Modify Secure Token here… flowplayer.securestreaming/src/actionscript/org/flowplayer/securestreaming/

private var _token:String = “#hv%h0#s@1”; // token that used for wowza server security 😉

Building the player
CD (change directory) to the flowplayer.core and execute ant at the command prompt:

> ant

If you see “BUILD SUCCESSFUL”, the build was successful and you have a working player located at flowplayer.core/build/flowplayer.swf.

Get more help here…

JW Player

You can find all steps to compile JW Player with secure token here

So, now the question is how to protect SWF (with token) files from hotlink, theft, download and Leech

Contact us to add SecureToken protection to JWPlayer and FlowPlayer for Wowza, Red5, FMS media files.

Email: svnlabs[at]
Mobile: +919928673578
Skype: svnlabs
MSN: svnlabs[at]

Secure Token Plugin with PHP

Hits: 5135  

You might read our old article on how-to-prevent-downloading-and-leeching-media-files

You can review below code to secure your media files to be downloaded other then media players 😉

Creating a Secure Token SWF for JW Player

Secure Token have time limit after that token expire to get media files.

var timestamp = +new Date();

flowplayer("player", "", {
plugins: {
    secure: {
        url: 'player/flowplayer.securestreaming-3.2.3.swf',

        timestamp: timestamp,

        token: '69964920064c0a7626e6c97997070fcd'

clip: {
    autoPlay: false,
    autoBuffering: true,
    duration: 30,
    urlResolvers: 'secure',
    baseUrl: ''
// Get the file from the server
function get_file(){
header('Content-Description: File Transfer');
header('Content-type: video/mp4');
header("Content-length: ".filesize($streamname));
header("Expires: 0");
header("Content-Transfer-Encoding: binary");
// Return secret to flowplayer for use
function get_secret(){