How to globally secure streaming links?

Greetings!

We rely on Kaltura’s HLS & MPEG-DASH streaming capability and the stream URLs that we feed into the web player are unprotected — anyone can take the link and play the content w/o the need for any authentication.

The streaming link is delivered via the CDN, sample link below:

https://cdnapisec.kaltura.com/p/123/sp/123/playManifest/entryId/abc/format/applehttp/flavorParamIds/ids/protocol/https/video.mp4

We’d like to make the streaming links temporary by attaching a KS (Kaltura Session) to them that will expire after as certain amount of time.
It worked as expected — when a valid session was attached, the video would play. If the session was invalid or stale, the video wouldn’t play. However, if someone omitted the KS session parameter altogether, this stream became accessible again.

We haven’t been able to make all our streaming links KS protected through the KMC, but then found this article that indicates that CDN level security needs to be enabled by Kaltura support (see URL tokenization in the table): Kaltura Online Video Security Capabilities | Kaltura Knowledge Center

My question now is — will enabling URL tokenization at the CDN level make all streaming links require a valid KS, or does it use a different mechanism for securing content? URL tokenization mentions a token with TTL, but it doesn’t explicitly mention KS, hence my uncertainty in this area.

Your help will be much appreciated!

Hello,
I suggest going through the Kaltura delivery profiles and try to configure a protected one (Akamai HD):
There are some examples on the VOD packager ngino configs that might help you.

I hope this helps