Embed in HTML videos securely

I’d like to check in and see how can videos be more securely embeded in an HTML. Here’s what I mean with “securely”.

  1. All videos have a public facing URL, I know this cannot be hidden from the HTML but there may be options either obfuscate or restrict.
  2. Can restrictions for IPs be added via code when you upload videos using the API?
  3. I have seen other platforms use what’s called a “sssion token” that is sent as part of the URL in order to play the video. If the session is lost/expires after some time the link no longer works nor the session token so even if you have the player URL you will not be able to reproduce it until you regenerate a session (reload page where the video is embeded for example)
  4. Restrict videos to certain URLs for embeding and not being able to see the standalone player in a direct link. This will have an impact if I try to embed videos in my company’s Mobile App (can a “domain” whitelist be added for playing/embedding in an iOS/Android App?).

I am just thinking options out loud here, I’d like to also hear what other options kaltura has for restricting playback. Also important to know if options are available at the player level or at a more general KMC level, it wold be very good to fine tune different players for different playback and security-level scenarios.


I guess you can apply a token to the url to authorize the access to media files.
I paste some text from:

CDN-based delivery

Media packaged by nginx-vod-module can be protected using CDN tokens, this works as follows:

  • Some application authenticates the user and decides whether the user should be allowed to watch a specific video. If the user is allowed, the application generates a tokenized URL for the manifest of the video.
  • The CDN validates the token, and if found to be valid, forwards the request to nginx-vod-module on the origin.
  • The nginx server builds the manifest response and generates tokens for the segment URLs contained inside it. The module https://github.com/kaltura/nginx-secure-token-module can be used to accomplish this task, it currently support Akamai tokens and CloudFront tokens. See the readme of this module for more details.
  • The CDN validates the token on each segment that is requested.

Thanks for the insight.
I was trying to check options that would be configuration based before moving forward with more complex (development) options.

I see that even if you add IP restrictions, going to the video URL directly trumps all security settings right?

According to my testing the IP restrictions will remain valid even when accessing the direct link to the video.
I would still want to know how to successfully implement the “token” restriction (generating a session with a token and making the video available only while the token is active for a visitor).

what you mean under "active for a visitor"
nginx secure link module provide several options to restrict access.
based on ip or on timestamp or both.


When using a CDN that supports it, you can set a token generation in the admin console->publishers->your partner->profiles->delivery profiles.
Once you select a delivery type, you will have a form which includes:
"Tokenizer Configuration"
where you can select a token type, input a key and select the window size.

That would mean all delivery URLs will include this token and, once expired, the CDN will refuse to serve the content until a new token is generated.

This is mostly useful to prevent people from getting the direct URL for the entry using an HTTP sniffer and hitting it from outside the player later on.

So this can be configured at the CDN level and will affect videos across the board?
Will I need to develop some way to generate/request a token on my website’s code on every user log in? Or will it all be handled by the CDN and the Kaltura video embedding code?

Hi, I’d be interested in implementing the token generation and restrict playback based on token.
Does anybody have a sort of tutorial or guide to implement this kind of Access Restriction?