For AI agents: a documentation index is available at the root level at /llms.txt and /llms-full.txt. Append /llms.txt to any URL for a page-level index, or .md for the markdown version of any page.
StatusSupportDiscussionsLog inSign Up
Docs HomeAPI ReferenceVideo on DemandAI FeaturesLive StreamingVideo PlayerVideo DataCloud PlayoutRecipes
Docs HomeAPI ReferenceVideo on DemandAI FeaturesLive StreamingVideo PlayerVideo DataCloud PlayoutRecipes
  • Player SDKs
    • Introduction
  • Web player
    • Install the FastPix web player
    • Play uploaded videos
    • Handle playback errors
  • Android player
    • Install FastPix Android player
    • Set up the player
    • Play uploaded videos
    • Handle playback errors
  • iOS player
    • Install FastPix iOS player
    • Play uploaded videos
    • Handle playback errors
      • Secure video playback
      • Play DRM-protected content
      • Use a custom domain
      • Switch audio tracks
      • Switch subtitle tracks
      • Add seek preview thumbnails
      • Enable Picture-in-Picture
      • Enable full-screen mode
      • Manage playlists
      • Add skip controls
      • Handle network changes
  • Flutter player
    • Install FastPix Flutter player
    • Play uploaded videos
    • Handle playback errors
LogoLogo
StatusSupportDiscussionsLog inSign Up
On this page
  • Security best practices
  • How access tokens work
  • Secure on-demand playback
  • Secure live stream playback
  • What’s next
iOS playerAdvanced features

Secure video playback

Was this page helpful?
Previous

Play DRM-protected content

Next
Built with

Learn how to protect private video content in the FastPix iOS Player using token-based authentication.

To control access to private media content, the FastPix iOS Player supports token-based authentication for both on-demand and live streams. Tokens ensure that only authorized users can view protected content.

Security best practices

When securing private media streams, follow these practices:

  • Access private media using dynamically generated, short-lived playback IDs tied to the user’s authenticated session.
  • Authenticate users (for example, using OAuth or JWT) before granting access to private media.
  • Always use HTTPS for API calls and media streams to prevent interception.
  • Generate signed tokens for playback IDs that are valid only for a limited time and associated with a specific user session.

How access tokens work

Access tokens are short-lived credentials that authenticate a user’s right to view content. When a user requests a stream, the player sends the token to verify authorization.

The token workflow:

  1. Generate the token server-side after the user authenticates. The token includes a signature and expiration date (for example, 1 hour). See how to generate access tokens for details.
  2. Pass the token to the player along with the playback ID when configuring playback.

For a detailed guide on JWT token generation, see Secure playback with JWTs.

Secure on-demand playback

Pass the playbackToken in PlaybackOptions to secure an on-demand stream:

1// Play an on-demand video with a token
2playerViewController.prepare(
3    playbackID: playbackID,
4    playbackOptions: PlaybackOptions(playbackToken: playbackToken)
5)

Secure live stream playback

For live streams, include both the streamType and playbackToken:

1// Play a live stream with a token
2playerViewController.prepare(
3    playbackID: playbackID,
4    playbackOptions: PlaybackOptions(
5        streamType: "live",
6        playbackToken: playbackToken
7    )
8)

What’s next

  • Play DRM-protected content for FairPlay DRM encryption.
  • Handle playback errors for troubleshooting token issues.