Generate a signed content URL for DRM playback (JW Platform)


💡

If you plan to use Chromecast to cast content that has DRM content protection enabled, a custom receiver must be used.

Use the following steps to generate a signed content URL for DRM playback:

  1. Retrieve the JWP content URL. JWP content URLs have the following format: https://cdn.jwplayer.com/v2/sites/{site_id}/media/{media_id}/playback.json.

    ApproachNotes
    APIFollow these steps to retrieve the media_id for the URL:
    1. Make a GET v2/sites/{sites_id}/media/ call.
    2. Locate the key for a media item in the API response.
    DashboardFollow these steps to retrieve the media_id and site_id for the URL:
    1. From your JWP dashboard Media Library, copy the media ID from the MEDIA ID column.
    2. Copy the eight-digit, alphanumeric site ID from the browser URL
  2. Retrieve the JW DRM policy ID:
    i. On the Properties page, click the property name.
    ii. On the Content Protection tab, under Digital Rights Management, copy the DRM policy ID.

    📘

    Read Studio DRM with JW Platform Policy Reference to learn more about the DRM Policies.

  3. Append the DRM Policy ID to the content URL.

    https://cdn.jwplayer.com/v2/sites/{site_id}/media/{media_id}/playback.json?drm_policy_id={policy_id}
    
  4. Sign the content URL by appending a JWT signature. We strongly recommend using a proxy service to generate JSON web tokens (JWTs). If you generate JWTs within client-side JavaScript or a native app, you risk exposing your API secret.

    https://cdn.jwplayer.com/v2/sites/{site_id}/media/{media_id}/playback.json?drm_policy_id={policy_id}&token={JWT}
    
  5. Pass the content URL to a player or other implementation.



Sample Code

The following code sample can be used as the foundation for your DRM implementation.

"""
This script demonstrates how to generate a signed URL for requesting DRM assets from the JWP Delivery API. 
It takes four arguments: a Site ID, a Media ID, a DRM Policy ID, and the V1 API secret (available in the 
API Credentials area of your JWP Dashboard) for your DRM-enabled property. The signed URL will be 
printed to your terminal.

Usage

1.) Create and activate a Python virtual environment:
    - $ python3 -m venv venv
    - $ source venv/bin/activate
2.) Install `jose`, a JWT library
    - $ pip3 install python-jose
3.) Run script.
    - $ python3 jw_drm.py {site_id} {media_id} {drm_policy_id} {v1_api_property_secret}
"""

import argparse
import json
import math
import time
from urllib.parse import urlparse

from jose import jwt

def generate_jwt_token(path: str, api_secret: str, parameters: dict[str, str]):
    """
    Generates JWT token for given request path
    """
    # Generate epoch timestamp of now + 1 hour for link expiration. 
    exp = math.ceil((time.time() + 3600))
    params = {**parameters, "resource": path, "exp": exp}
    return jwt.encode(params, api_secret, algorithm="HS256")

def generate_signed_drm_url(site_id: str, media_id: str, drm_policy_id: str, api_secret: str):
    """
    Generates a signed URL which can be used to fetch a DRM-protected media asset
    """
    path = f"/v2/sites/{site_id}/media/{media_id}/playback.json"
    token = generate_jwt_token(path, api_secret, {"drm_policy_id": drm_policy_id})
    return f"https://cdn.jwplayer.com{path}?drm_policy_id={drm_policy_id}&token={token}"

if __name__ == "__main__":
    parser = argparse.ArgumentParser()
    parser.add_argument("site_id", help="Site ID where the media exists")
    parser.add_argument("media_id", help="Media ID to request")
    parser.add_argument("drm_policy_id", help="DRM Policy settings to apply to session")
    parser.add_argument("api_secret", help="V1 API Secret for DRM-enabled property")
    args = parser.parse_args()
    signed_drm_url = generate_signed_drm_url(args.site_id, args.media_id, args.drm_policy_id, args.api_secret)
    print(signed_drm_url)