Correct way to use authentication for the streamer?


Let’s say that we create a manual entry following these instructions:


That all works amazingly.

Now, I am looking for ways to password protect the stream source, so if someone can guess the stream name could not hijack it.

This seems the only solution I found:

And so we added a php endpoint in the application that works and returns correctly a 201 for good creds and a 404 for bad ones.

I try, in vain, to make use of it in the real case scenario.

in nginx.conf I have:

application kLive {
        live on; # Allows live input from above


The auth works and returns 201:

`curl -is “” | head -1

HTTP/1.1 201 Created

Then, if I create a stream named ‘test’ and I want to password protect it, I see this flying in the logs:

94.252.xx.yy [15/Apr/2021:19:46:50 +0200] PUBLISH "kLive" "test" "" - 5352475 529 "" "FMLE/3.0 (compatible; FMSc/1.0)" (10s)

The stream would not start. I tried by passing the name and psk in the stream key ( after, like test?, etc. I tried also creating the stream to match the username, like

Nothing works so far.

What would be the correct way to implement this or other authentication method to protect the production of the streams?



We implemented the same solution but found out that it was possible to publish different streams with the same auth key.

So this is what we did:

rtmp {
server {
listen 1935; # Listen on standard RTMP port
chunk_size 4000;
# This application is to accept incoming stream
application kLive {
live on; # Allows live input from above
allow publish all;
allow play;
deny play all;
#Stream validation
Basically, you need to go the AAA way in order to get it working correctly.

auth.php verifies the key
auth_publish.php verifies that both key and stream are correct.

Remember that different streamers may need different setups. This is how we setup OBS:

server: rtmp://
Stream key: mystreamkeyxxx

I hope this helps.


@david.eusse thanks for the tips.

I am in the process of deploying a different back end, this time distributed. I am having all sorts of new issues.

I will try this once I am up and running.