API Reference
Guides

Signed URL for video transcodes

In order to use a signed URL that provides URL expiry and security, you must generate the URL by setting an expiry and signing the URL using your FileSpin API_KEY and Access Id.

Besides the File Id and the transcode type (such as 480p-video.mp4), you'll need the below:-

ParameterTypeDescription
API KeystringYour API Key. This is available in your Authorization Settings page.
EXPIRYintegerSeconds since Unix Epoch time.
ACCESS_IDstringAccess Id that must be used to sign URLs. You can obtain your account's Access Id from the Authorization Settings page.

The signing process is as below (see code samples to the right):-

  1. Take the URL part staring with the FILE_ID and add an expiry in seconds since Epoch time and your Access Id, like 678d1dbb934c4a42aa4833e893346857/transcodes/480p-video.mp4?expiry=1452894790&accessId=IZJTAMBQGAYDAMBQGAYDAMBQGAYDANKT
  2. Using your API Key and the above URL part as the string-to-sign, calculate the HMAC signature
  3. Encode the signature to a base64 string and append as signature query parameter value

📘

Note that the URL parameter values must be url-encoded otherwise FileSpin may return a authorization error.

Example of a signed video URL

<<CDN_HOST>>/api/v1/assets/f99255d2bf8142b29561641491e9940c/transcodes/480p-video.mp4?expiry=1452894790&accessId=IZJTAMBQGAYDAMBQGAYDAMBQGAYDANKT&signature=vsR0_NFfeLEJPc8MXWMh2xI2Qvg%3D

Code example in php

<?php
$api_key = '678d1dbb934c4a42aa4833e893346857'
$string_to_sign = 'f99255d2bf8142b29561641491e9940c/transcodes/480p-video.mp4?expiry=1452894790&accessId=IZJTAMBQGAYDAMBQGAYDAMBQGAYDANKT'
$signature = urlencode(base64_encode(hash_hmac('sha1', $string_to_sign, $api_key, true)));
$signed_url = '<<CDN_HOST>>/api/v1/assets/'.$string_to_sign.'&signature='.$signature

Code example in python

import base64, hmac, hashlib, urllib
from six import text_type, b

API_KEY = '678d1dbb934c4a42aa4833e893346857'
string_to_sign = 'f99255d2bf8142b29561641491e9940c/transcodes/480p-video.mp4?expiry=1452894790&accessId=IZJTAMBQGAYDAMBQGAYDAMBQGAYDANKT'
signature = urllib.quote_plus(base64.urlsafe_b64encode(hmac.new(b(API_KEY), text_type(string_to_sign).encode('utf-8'), hashlib.sha1).digest()))
signed_url = '%s%s&signature=%s' % ('<<CDN_HOST>>/api/v1/assets/',string_to_sign,signature)

Code example in java

import java.security.SignatureException;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

String api_key = "678d1dbb934c4a42aa4833e893346857";
String string_to_sign = "f99255d2bf8142b29561641491e9940c/transcodes/480p-video.mp4?expiry=1452894790&accessId=IZJTAMBQGAYDAMBQGAYDAMBQGAYDANKT";
SecretKeySpec signingKey = new SecretKeySpec(key.getBytes(), "HmacSHA1");
Mac mac = Mac.getInstance("HmacSHA1");
mac.init(api_key);
byte[] hmac = mac.doFinal(string_to_sign.getBytes());
String signature = Encoding.EncodeBase64(hmac);
String signed_url = "<<CDN_HOST>>/api/v1/assets/" + string_to_sign + "&signature=" + signature;

Code example in nodejs

const crypto = require("crypto");
const API_KEY = "0c3c6d026858460abc4de1dcb4de15ac";
const string_to_sign =
  "f99255d2bf8142b29561641491e9940c/transcodes/480p-custom-wm-video.mp4?expiry=1452894790&accessId=IZJTAMBQGAYDAMBQGAYDAMBQGAYDANKT";

const hash = crypto
  .createHmac("sha1", API_KEY)
  .update(string_to_sign)
  .digest("base64");
const signature = encodeURIComponent(hash.replaceAll("/", "_"));

const signed_url = `<<CDN_HOST>>/api/v1/assets/${string_to_sign}&signature=${signature}`;
console.log(signed_url);