Traditional Video integration

In case of most media integration, a static media URL is sent to the client. The client can use this to begin playing media. A client in this case can be either a web app or a mobile/tv application. The data to provided to the client is a long-lived url which can be used multiple times.

DRM video integration

When you are working with premium content, a requirement for secure video hosting is that you give only a one-time usable resource. This URL to DRM video should be generated only when the client is authenticated and has the permission to get access to the file. Only the server component has the authority to generate this temporary resource access.

In case of Vdocipher, the temporary access URL is the otp while the authority to generate this OTP is the api secret key.

The API secret key must never be shipped along with the app code. The app SDK just needs an OTP for playback. Hence, the right way of doing this is to create an API endpoint as part of the app backend that you already have. This API endpoint should receive an authenticated HTTP request for playing a video (assuming you are authenticating users by some means such as login, etc.) and respond with an OTP. It is the backend system which should be responsible for making API calls. The viewer simply asks to play a particular video. This is followed by an access check on your web server. Your web server then takes the VdoCipher id for that video, and calls for OTP on the VdoCipher API.

A workflow in this case will be:
1. Client logs in and has an auth token for your backend framework
2. Client requests to play that hot new video.
3. Your Backend translates that hot new video into the corresponding VdoCipher id
4. Your Backend makes the API call to Vdocipher to get an otp.
5. Your Backend responds to the request with OTP
6. Client uses this OTP to play the video.

An architecture implementation for Widevine DRM and free trial is included here.