Generate a signed content URL for DRM playback (JW Platform)


If you plan to use Chromecast to cast content that has DRM content protection enabled, a custom receiver must be used.

Use the following steps to generate a signed content URL for DRM playback:

  1. Retrieve the JW Player content URL. JW Player content URLs have the following format:{media_id}.

    APIUse the following steps to retrieve the media_id for the URL:

    β€’ Make a GET v2/sites/{sites_id}/media/ call.
    β€’ Locate the key for a content item in the API response.
    DashboardUse the following step to retrieve the media_id for the URL:

    From your JW Player dashboard Media Library, copy the media ID from the MEDIA ID column.

  1. Retrieve the JW DRM policy ID:
    a. From the Properties page, click the property name > Content Protections.
    b. In the Digital Rights Management section, copy the DRM policy ID from the DRM Policies table.


    Read Studio DRM with JW Platform Policy Reference to learn more about the DRM Policies.

  1. Append the DRM Policy ID to the content URL.{media_id}/drm/{policy_id}

  1. Sign the content URL by appending a JWT signature. We strongly recommend using a proxy service to generate JSON web tokens (JWTs). If you generate JWTs within client-side JavaScript or a native app, you risk exposing your API secret.{media_id}/drm/{policy_id}?token={token}

  1. Pass the content URL to a player or implementation.

Sample Code

The following code sample can be used as the foundation for your DRM implementation.

This script demonstrates how to generate a signed URL for requesting DRM assets from the JW Delivery API. 
It takes three arguments, a Media ID, a DRM Policy ID, and the V1 API secret (available in the 
API Credentials area of your JW Dashboard) for your DRM-enabled property. The signed URL will be 
printed to your terminal.


1.) Create and activate a Python virtual environment:
    - $ python3 -m venv venv
    - $ source venv/bin/activate
2.) Install `jose`, a JWT library
    - $ pip3 install python-jose
3.) Run script.
    - $ python3 {media_id} {drm_policy_id} {v1_api_property_secret}

import argparse
import json
import math
import time
from urllib.parse import urlparse

from jose import jwt

def generate_jwt_token(path: str, api_secret: str):
    Generates JWT token for given request path
    # Generate epoch timestamp of now + 1 hour for link expiration. 
    exp = math.ceil((time.time() + 3600))
    params = {"resource": path, "exp": exp, }
    return jwt.encode(params, api_secret, algorithm="HS256")

def generate_signed_drm_url(media_id: str, drm_policy_id: str, api_secret: str):
    Generates a signed URL which can be used to fetch a DRM-protected media asset
    path = f"/v2/media/{media_id}/drm/{drm_policy_id}"
    token = generate_jwt_token(path, api_secret)
    return f"{path}?token={token}"

if __name__ == "__main__":
    parser = argparse.ArgumentParser()
    parser.add_argument("media_id", help="Media ID to request")
    parser.add_argument("drm_policy_id", help="DRM Policy settings to apply to session")
    parser.add_argument("api_secret", help="V1 API Secret for DRM-enabled property")
    args = parser.parse_args()
    signed_drm_url = generate_signed_drm_url(args.media_id, args.drm_policy_id, args.api_secret)