Learn how to use Wowza Media Systems to package your media for Studio DRM.
Wowza Media Systems (Wowza) is a streaming solutions provider. Encryption keys requested and retrieved through any supported key provider API are compatible with Wowza.
Configure Wowza
Use the following steps to configure Wowza to support Studio DRM:
- Stop Wowza from appending the session ID to the license server URL.
- Change the
EXT-X-VERSIONfor HLS stream to5. - Set the Studio DRM settings:
• HLS
• MPEG-DASH
Widevine, PlayReady, and FairPlay key values can be set in the same file.
You can also use the Studio DRM Wowza API to set the keys.
Studio DRM Wowza API
The Studio DRM Wowza API is a small Docker web API application which runs on the Wowza server, allowing the provisioning of keyfiles through a simple REST interface.
The Studio DRM Wowza has been tested with Wowza Streaming Engine version 4.7.7.
In the following example, the API is exposed on port 9000 and the API key is set to a GUID.
docker run -d --restart always -p 9000:80 \
-e WOWZADRMAPI_APIKEY=93640045-31f1-45c0-aa0d-b5682d7c9ac8 \
-e WOWZADRMAPI_KEYFILESPATH=/mnt/keyfiles \
-e WOWZADRMAPI_GRANDCENTRALURL=https://config.vudrm.tech/v1/clients \
-e WOWZADRMAPI_KEYPROVIDERURL=https://keyprovider.vudrm.tech \
-v [wowza-install-dir]/keys:/mnt/keyfiles \
--name wowza-drm-api vualto/wowza-drm-api:1.0.0
All requests to the API must be authorized with an
x-api-keyheader whose value must match that set by theWOWZADRMAPI_APIKEYenvironment variable. A missing or mismatchedx-api-keyheader will yield a401 Unauthorizedstatus.
Retrieve contents of Wowza stream keyfile
/api/keyfile/{streamid}
Returns the contents of the keyfile for the specified Wowza stream if it exists
A 404 error is returned if the Wowza stream does not exist.
Path Parameter
| Parameter | Description |
|---|---|
| streamid | ID of the stream to protect This is the name of the .key file created on the server |
Create a Wowza stream keyfile
/api/keyfile/{streamid}
Creates or overwrites the keyfile for the Wowza stream
Keys can be supplied either automatically using the Studio DRM Key Provision Services or manually.
Request
curl -X POST /api/keyfile/{streamid} \
-H 'API-KEY: {api_key}'\
-d '{}'
Path Parameter
| Parameter | Description |
|---|---|
| streamid | ID of the stream to protect This is the name of the .key file created on the server |
Body Parameter
{
"cenc": {
"keyid": "RNpS70UjCY5oVHd+4yJoHQ==",
"contentkey": "lnA03mLuxnL3toiRMxV4Zw=="
},
"playready": {
"laurl": "https://playready-license.vudrm.tech/rightsmanager.asmx",
"checksum": "pcTs6CEp98A="
},
"widevine": {
"psshdata": "IiRkN2EyOTk1Ni0yOTgwLTQzMzgtYjYyNy04N2MxZjA3OWUwOTFI49yVmwY="
},
"fairplay": {
"key": "CBF76BB43B9A54254A5FC20074A3A53B",
"iv": "1A3F2AA76D84742DD123E3E50E7BC681",
"laurl": "skd://fairplay-license.vudrm.tech/license/d7a29956-2980-4338-b627-87c1f079e091"
}
}
{
"contentId": "mycontentid",
"client": "my-client-name",
"clientApiKey": "8f30c7d2-a9b9-474e-907b-97a190abd6c4",
"drmJson": "{\"drm_provider\": \"VUALTO\"}"
}
| Parameter | Description |
|---|---|
| cenc object | Common Encryption Scheme (CENC) encryption key object Required for Playready or Widevine. See: cenc object |
| client string | Name of the DRM account |
| clientApiKey string | API key for accessing Studio DRM APIs |
| contentId string | Unique identifier for the content |
| drmjson object | (Internal use only) Set to null. |
| fairplay object | FairPlay encryption key object See: fairplay object |
| playready object | PlayReady encryption key object See: playready object |
| widevine object | Widevine encryption key object See: widevine object |
| Parameter | Description |
|---|---|
| contentkey string | 128-bit encryption key in base64 in Big Endian |
| keyid string | Unique ID for the encryption in base64 in Big Endian |
| Parameter | Description |
|---|---|
| iv string | FairPlay encryption key |
| key string | FairPlay unique ID for the encryption |
| laurl string | FairPlay license server URL that at the point of the request to the license server the skd:// protocol should be replaced with https:// |
| Parameter | Description |
|---|---|
| checksum string | PlayReady security value |
| laurl string | PlayReady license server URL |
| Parameter | Description |
|---|---|
| psshdata string | PSSH data from the Widevine PSSH box that usually contains encryption scheme and content ID |
Response
mpegdashstreaming-cenc-key-id: MT8jItzhV+ay+3QEtoyIxQ==
mpegdashstreaming-cenc-content-key: EcZ9tM1adkoleC1hwFlpQw==
mpegdashstreaming-cenc-algorithm: AESCTR
mpegdashstreaming-cenc-keyserver-widevine: true
mpegdashstreaming-cenc-keyserver-widevine-system-id: edef8ba9-79d6-4ace-a3c8-27dcd51d21ed
mpegdashstreaming-cenc-keyserver-widevine-pssh-data: Igp3b3d6YS1kZW1vSOPclZsG
mpegdashstreaming-cenc-keyserver-playready: true
mpegdashstreaming-cenc-keyserver-playready-system-id: 9a04f079-9840-4286-ab92-e65be0885f95
mpegdashstreaming-cenc-keyserver-playready-license-url: https://playready-license.vudrm.tech/rightsmanager.asmx
mpegdashstreaming-cenc-keyserver-playready-checksum: Mv5YB5EhHKw=
cupertinostreaming-aes128-method: SAMPLE-AES
cupertinostreaming-aes128-url: skd://fairplay-license.vudrm.tech/license/wowza-demo
cupertinostreaming-aes128-key: 24F79075974B8E1BC8AF576925B8458F
cupertinostreaming-aes128-iv: A140A11A450DBC04E67F39B850C13D41
cupertinostreaming-aes128-iv-include-in-chunklist: false
cupertinostreaming-aes128-key-format: com.apple.streamingkeydelivery
cupertinostreaming-aes128-key-format-version: 1
Response Parameters
| Parameter | Description |
|---|---|
| cupertinostreaming-aes128-iv | The iv_hex value from the Fairplay Response |
| cupertinostreaming-aes128-iv-include-in-chunklist | Must be set to false |
| cupertinostreaming-aes128-key | The key_hex value from the Fairplay Response |
| cupertinostreaming-aes128-key-format | Must be set to com.apple.streamingkeydelivery |
| cupertinostreaming-aes128-key-format-version | Must be set to 1 |
| cupertinostreaming-aes128-method | Must be set to SAMPLE-AES |
| cupertinostreaming-aes128-url | The laurl value from the Fairplay Response |
| mpegdashstreaming-cenc-algorithm | Must be set to AESCTR |
| mpegdashstreaming-cenc-content-key | The content_key value from the CENC Response |
| mpegdashstreaming-cenc-key-id | The key_id_big value from the CENC Response |
| mpegdashstreaming-cenc-keyserver-playready | Must be set to true |
| mpegdashstreaming-cenc-keyserver-playready-checksum | The checksum value from the CENC Response |
| mpegdashstreaming-cenc-keyserver-playready-license-url | The playready_laurl value from the CENC Response |
| mpegdashstreaming-cenc-keyserver-playready-system-id | Must be set to 9a04f079-9840-4286-ab92-e65be0885f95 |
| mpegdashstreaming-cenc-keyserver-widevine | Must be set to true |
| mpegdashstreaming-cenc-keyserver-widevine-pssh-data | The widevine_drm_specific_data value from the CENC Response |
| mpegdashstreaming-cenc-keyserver-widevine-system-id | Must be set to edef8ba9-79d6-4ace-a3c8-27dcd51d21ed |
Delete a Wowza stream keyfile
/api/keyfile/{streamid}
Remove the keyfile for the specified Wowza stream, returning its contents before deletion
Request
curl -X DELETE /api/keyfile/{streamid} \
-H 'API-KEY: {api_key}'
Path Parameter
| Parameter | Description |
|---|---|
| streamid | ID of the stream to protect This is the name of the .key file created on the server |
Stream Tester
Validate your Studio DRM-protected stream in web environments using the JWP Stream Tester.