Generate a signed content URL for DRM playback (JW Platform)


If you plan to use Chromecast to cast content that has DRM content protection enabled, a custom receiver must be used.

Use the following steps to generate a signed content URL for DRM playback:

  1. Retrieve the JWP content URL. JWP content URLs have the following format:{site_id}/media/{media_id}/playback.json.

    APIFollow these steps to retrieve the media_id for the URL:
    1. Make a GET v2/sites/{sites_id}/media/ call.
    2. Locate the key for a media item in the API response.
    DashboardFollow these steps to retrieve the media_id and site_id for the URL:
    1. From your JWP dashboard Media Library, copy the media ID from the MEDIA ID column.
    2. Copy the eight-digit, alphanumeric site ID from the browser URL

  1. Retrieve the JW DRM policy ID:
    i. On the Properties page, click the property name.
    ii. On the Content Protection tab, under Digital Rights Management, copy the DRM policy ID.


    Read Studio DRM with JW Platform Policy Reference to learn more about the DRM Policies.

  1. Append the DRM Policy ID to the content URL.{site_id}/media/{media_id}/playback.json?drm_policy_id={policy_id}

  1. Sign the content URL by appending a JWT signature. We strongly recommend using a proxy service to generate JSON web tokens (JWTs). If you generate JWTs within client-side JavaScript or a native app, you risk exposing your API secret.{site_id}/media/{media_id}/playback.json?drm_policy_id={policy_id}&token={JWT}

  1. Pass the content URL to a player or other implementation.

Sample Code

The following code sample can be used as the foundation for your DRM implementation.

This script demonstrates how to generate a signed URL for requesting DRM assets from the JWP Delivery API. 
It takes four arguments: a Site ID, a Media ID, a DRM Policy ID, and the V1 API secret (available in the 
API Credentials area of your JWP Dashboard) for your DRM-enabled property. The signed URL will be 
printed to your terminal.


1.) Create and activate a Python virtual environment:
    - $ python3 -m venv venv
    - $ source venv/bin/activate
2.) Install `jose`, a JWT library
    - $ pip3 install python-jose
3.) Run script.
    - $ python3 {site_id} {media_id} {drm_policy_id} {v1_api_property_secret}

import argparse
import json
import math
import time
from urllib.parse import urlparse

from jose import jwt

def generate_jwt_token(path: str, api_secret: str):
    Generates JWT token for given request path
    # Generate epoch timestamp of now + 1 hour for link expiration. 
    exp = math.ceil((time.time() + 3600))
    params = {"resource": path, "exp": exp}
    return jwt.encode(params, api_secret, algorithm="HS256")

def generate_signed_drm_url(site_id: str, media_id: str, drm_policy_id: str, api_secret: str):
    Generates a signed URL which can be used to fetch a DRM-protected media asset
    path = f"/v2/sites/{site_id}/media/{media_id}/playback.json?drm_policy_id={drm_policy_id}"
    token = generate_jwt_token(path, api_secret)
    return f"{path}&token={token}"

if __name__ == "__main__":
    parser = argparse.ArgumentParser()
    parser.add_argument("site_id", help="Site ID where the media exists")
    parser.add_argument("media_id", help="Media ID to request")
    parser.add_argument("drm_policy_id", help="DRM Policy settings to apply to session")
    parser.add_argument("api_secret", help="V1 API Secret for DRM-enabled property")
    args = parser.parse_args()
    signed_drm_url = generate_signed_drm_url(args.site_id, args.media_id, args.drm_policy_id, args.api_secret)