{"id":20007,"date":"2025-08-28T05:59:36","date_gmt":"2025-08-28T05:59:36","guid":{"rendered":"https:\/\/www.vdocipher.com\/blog\/?p=20007"},"modified":"2025-08-28T06:30:00","modified_gmt":"2025-08-28T06:30:00","slug":"token-based-urls-jwt-based-authentication-example-for-video-protection-what-how","status":"publish","type":"post","link":"https:\/\/www.vdocipher.com\/blog\/token-based-urls\/","title":{"rendered":"Token-Based URLs & JWT based Authentication Example for Video Protection | What & How"},"content":{"rendered":"

Token-based URLs, also known as signed URLs or secure streaming tokens, are a powerful tool for protecting video content from unauthorized access and piracy. In the context of video streaming, a token-based URL is a special, time-limited link that grants access to a video only under specific conditions, such as within a certain timeframe, from a specific website or IP, or for a particular video.<\/p>\n

\n
\n

Table of Contents:<\/h2>\n
\n
    \n
  1. What are Token-Based URLs in Video Streaming<\/a><\/li>\n
  2. Types of Token-Based URLs in Video Streaming<\/a><\/li>\n
  3. Why use tokenized URLs?<\/a><\/li>\n
  4. How Token-Based URLs Work: Secure Streaming Workflow<\/a><\/li>\n
  5. Token-Based URLs vs Other Video Security Measures<\/a><\/li>\n
  6. JWT \u2013 Token based Authentication Example<\/a><\/li>\n
  7. VdoCipher\u2019s 360\u00b0 Video Protection \u2013 Tokenized URLs + DRM in Action<\/a><\/li>\n<\/ol>\n<\/div>\n<\/div>\n<\/div>\n

    This mechanism ensures that simply knowing the direct video URL is not enough to play the content \u2013 the request must include a valid token that the streaming server or CDN will verify before delivering the video. By using tokenized URLs, OTT platforms, e-learning providers, media companies, and content creators can control who can watch their videos, for how long, and under what circumstances.<\/p>\n

    In this article, we\u2019ll explain what token-based URLs are, how they work for secure video delivery, and how they help prevent unauthorized streaming and downloading. We\u2019ll also look at the scale of the piracy problem through key statistics, compare token-based URLs with other security measures (like IP restriction, session-based auth, and DRM), and show how VdoCipher uses token-based URL security as part of a holistic video protection suite.<\/p>\n

    What are Token-Based URLs in Video Streaming<\/h2>\n

    At its core, a token-based URL is a video link that has an embedded access token \u2013 a unique string that serves as a one-time or short-lived \u201ckey\u201d to unlock the video stream.<\/p>\n

    The video URL contains a token, a unique string generated by the server that determines:<\/p>\n

      \n
    • Video parameters<\/li>\n
    • For how long the link is valid<\/li>\n
    • From where (IP restrictions, domain restrictions)<\/li>\n<\/ul>\n

      Once the token expires or conditions aren\u2019t met, the link stops working, preventing unauthorized playback.<\/p>\n

      Unlike a normal static URL that anyone could copy and reuse, a tokenized URL is typically valid only for a limited time or scope. Once the token expires or if the conditions aren\u2019t met, the URL becomes useless for fetching the video.<\/p>\n\n\n\n\n\n\n\n\n\n
      Token-Based URL<\/b><\/td>\nTokenized Streaming Request (HLS\/DASH)<\/b><\/td>\n<\/tr>\n
      A URL containing a secure, time-limited token (query param, signed URL, JWT, or signed cookie) to control access.<\/td>\nThe use of token-based URLs specifically for delivering video segments and manifests in HLS (.m3u8) or MPEG-DASH (.mpd) streaming.<\/td>\n<\/tr>\n
      Can secure any resource – videos, images, documents, APIs, downloads.<\/td>\nFocused entirely on securing adaptive streaming video delivery.<\/td>\n<\/tr>\n
      Usually minutes to hours, depending on content sensitivity.<\/td>\nOften seconds to minutes to prevent link sharing and replay attacks during playback.<\/td>\n<\/tr>\n
      Single file download or API endpoint.<\/td>\nEvery manifest and segment request in the streaming session.<\/td>\n<\/tr>\n
      Can work standalone or with basic authentication.<\/td>\nOften paired with DRM (e.g., Widevine, FairPlay) and CDN edge validation for maximum security.<\/td>\n<\/tr>\n
      Restrict access to a specific resource.<\/td>\nPrevent unauthorized streaming and hotlinking of video content in real time.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

      Types of Token-Based URLs in Video Streaming<\/h2>\n

      Token-based authentication in video streaming can be implemented in several ways, depending on the security needs and ecosystem integration. The most common formats include:<\/p>\n

        \n
      • HMAC-SHA256 Tokens \u2013 Custom-signed tokens (like those used by VdoCipher) that bind video IDs, IPs, and policies with a short-lived signature.<\/li>\n
      • JWT (JSON Web Tokens) \u2013 Standardized 3-part tokens (header.payload.signature) widely used across APIs, which can embed claims like exp, aud, and sub.<\/li>\n
      • OTP (One-Time Playback) Tokens \u2013 Short-lived URLs generated via API for a single session; expire immediately after use.<\/li>\n
      • Signed URLs (CDN Tokens) \u2013 Time-bound tokens generated by CDNs (e.g., AWS CloudFront, Akamai) that allow access to specific files for a limited duration.<\/li>\n<\/ul>\n

        Each of these approaches shares the same core principle. The URL itself is meaningless without a valid token, making it impossible to replay or hotlink content outside the intended session.<\/p>\n

        Why use tokenized URLs?<\/h2>\n

        For video streaming platforms, token-based URL authentication provides a critical layer of security and access control. It allows content owners to:<\/p>\n

        Restrict access to logged-in users or paying customers<\/h3>\n

        For example, if you run a membership-based e-learning site, you only want enrolled students to watch the course videos. By using tokens, you ensure that a user must go through your application (and its authentication) to get a valid video URL. Simply guessing or sharing the raw video URL won\u2019t work without the token.<\/p>\n

        Enforce time-based viewing<\/h3>\n

        You can let users watch a video for a limited period (say 24 hours after purchase, or a live stream during its airtime). The token can carry an expiration time so that after, for instance, one hour or one day, the URL expires. Any attempt to use it after that window results in an error. This is great for pay-per-view content or rental models.<\/p>\n

        Limit usage by geolocation or IP<\/h3>\n

        Tokens can be tied to IP addresses or countries. If a token is issued for a user in a certain region, it could be considered invalid from elsewhere. This helps enforce geo-blocking rules or prevent users from sharing links with others in different locations. (For example, Cloudflare Stream\u2019s signed tokens support geo-restriction rules as part of their payload.) Similarly, a token can be tied to a specific IP to prevent a user from simply copying the link and sending it to a friend. If the friend\u2019s IP doesn\u2019t match, the token check fails.<\/p>\n

        Prevent hotlinking and uncontrolled embeds<\/h3>\n

        By requiring a token, you can ensure that your videos only play on your website\/app or authorized domains. Some implementations include the referrer or origin in the token. This means even if someone finds your video URL, they cannot embed it on their own site to piggyback off your content , without access to your token service, the video won\u2019t play.<\/p>\n

        So, token-based URLs act like temporary, revocable keys for video content. They are foundational for making videos \u201cprivate\u201d or restricted: as Cloudflare\u2019s documentation succinctly puts it, if a video is marked as requiring a signed URL, it \u201ccan no longer be accessed publicly with only the video ID. Instead, the user will need a signed URL token to watch or download the video.\u201d\u00a0<\/i><\/p>\n

        How Token-Based URLs Work: Secure Streaming Workflow<\/h2>\n

        It\u2019s helpful to walk through a typical workflow of token-based authentication in a video streaming scenario. The process involves a few coordinated steps between the user\u2019s device, your application backend, and the video streaming server (or CDN). Below is a step-by-step illustration of how a tokenized URL workflow might operate for on-demand video:<\/p>\n

        1. User Requests Video<\/h3>\n

        A logged-in user clicks \u201cPlay\u201d on a secure video in your application (website or app). The frontend sends a request to your backend (or directly to the video API) indicating which video the user wants to watch.<\/p>\n

        2. Server Generates a Token<\/h3>\n

        Your backend verifies the user\u2019s authorization (e.g., are they allowed to watch this video?) and then creates a short-lived token. Then your backend might issue a JWT or HMAC-signed token.<\/p>\n

        These tokens usually carry signed information (not encrypted) such as video ID, expiration time, or allowed IP.<\/p>\n

        3. Token Returned<\/h3>\n

        The video platform or your backend returns the newly generated token (and possibly extra info like a playback ID). This token is a short string valid only for a limited period, typically minutes or hours.<\/p>\n

        4. Video URL Constructed<\/h3>\n

        Your application then constructs the secure video URL or embed code that the client will use. The token is inserted into the URL, often as a query parameter. For example:<\/p>\n

        https:\/\/cdn.example.com\/video\/master.m3u8?token=__TOKEN__<\/p>\n

        5. Player Requests Stream with Token<\/h3>\n

        The browser or app launches the video player and uses the constructed URL. The player fetches the video manifest (e.g., .m3u8 or .mpd) and passes along the token in the URL or headers.<\/p>\n

        6. Token Validation on Server<\/h3>\n

        The streaming server\/CDN validates the token before serving any content. It checks:<\/p>\n

          \n
        • Signature integrity (hasn\u2019t been tampered with).<\/li>\n
        • Expiration time (still valid).<\/li>\n
        • Resource match (token was issued for this specific video).<\/li>\n
        • Optional rules (IP, geo, device restrictions).<\/li>\n<\/ul>\n

          If validation fails \u2192 request is denied (HTTP 403). If valid \u2192 the video manifest\/segments are delivered.<\/p>\n

          7. Video Playback & Expiry<\/h3>\n

          The player streams the video as long as the token remains valid. Once expired, further requests are blocked. If the user tries again later, a new token must be generated through the authorized flow. This short lifespan and one-time nature prevents URL sharing or hotlinking.<\/p>\n

          Token may be query param, signed URL, JWT, or signed cookie. Validation can happen at server side or via Auth service. DRM license requests (if used) occur before step 5.<\/i><\/p>\n

          This workflow shows that every playback session is uniquely authenticated. Even if a malicious user tries to copy the full streaming URL (with the token attached) from their browser\u2019s developer tools, that link is only good for a brief period (and often only for that user\u2019s context). If they share it or try to reuse it later, it will likely fail.<\/p>\n

          In other words, a tokenized URL behaves like a ticket that gets punched after one use, it can\u2019t be passed around infinitely.<\/p>\n

          Token-Based URLs vs Other Video Security Measures<\/h2>\n

          When securing premium video content, no single measure works perfectly on its own. Token-based URLs are one of the most effective access control methods, but they achieve their best results when used alongside other security layers such as IP\/Geo restrictions, session-based authentication, and DRM encryption.<\/p>\n\n\n\n\n\n\n\n
          Method<\/b><\/td>\nSecurity Strength<\/b><\/td>\nImplementation Difficulty<\/b><\/td>\nPlayback Impact<\/b><\/td>\nPrimary Use<\/b><\/td>\n<\/tr>\n
          Token-Based URLs (Signed URLs)<\/td>\nHigh (prevents unauthorized access & sharing)<\/td>\nModerate \u2013 requires token generation & validation<\/td>\nTransparent to users<\/td>\nSecure delivery on a per-request basis with expiry & conditional rules<\/td>\n<\/tr>\n
          IP Restriction \/ Geo-Blocking<\/td>\nLow\u2013Medium (basic location control)<\/td>\nLow \u2013 simple CDN\/app config<\/td>\nNone for allowed regions<\/td>\nRestrict access by IP ranges or countries<\/td>\n<\/tr>\n
          Session-Based Authentication<\/td>\nMedium (ties access to login)<\/td>\nLow\u2013Moderate \u2013 needs login system<\/td>\nMinimal<\/td>\nRestrict streams to registered\/paying users<\/td>\n<\/tr>\n
          DRM Encryption<\/td>\nVery High (protects content at rest & in transit)<\/td>\nHigh \u2013 requires DRM license server & compatible players<\/td>\nPossible device limitations<\/td>\nEncrypt content & enforce playback rules<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

          Why a Layered Approach Works Best<\/h3>\n

          Each method addresses a different aspect of video security:<\/p>\n

            \n
          • Token-based URLs \u2192 Secure the delivery pipeline (per-request access control).<\/li>\n
          • DRM encryption \u2192 Secure the video file itself (encryption + playback rules).<\/li>\n
          • Session authentication \u2192 Ties playback to legitimate, logged-in users.<\/li>\n
          • IP\/Geo restrictions \u2192 Enforce regional licensing rules.<\/li>\n<\/ul>\n

            In practice, an OTT platform or e-learning site should require login (session auth), issue a short-lived tokenized URL, deliver DRM-encrypted content, and optionally apply IP\/Geo rules. This makes piracy costly, complex, and unattractive for most attackers.<\/i><\/p>\n

            JWT – Token based Authentication Example<\/h2>\n
            \r\n# installing dependencies\r\n!pip -q install PyJWT\r\n\r\n# imports\r\n\r\nimport time, jwt, secrets\r\n\r\nfrom urllib.parse import urlencode, urlparse, parse_qs\r\n\r\n# Use a strong secret in production (store in env\/secret manager)\r\n\r\nJWT_SECRET = secrets.token_urlsafe(48)\r\n\r\nJWT_ISSUER = \"demo-backend\"\r\n\r\nJWT_AUDIENCE = \"video-play\"\r\n\r\nJWT_TTL_SECONDS = 300\r\n\r\nPLAY_URL_BASE = \"https:\/\/example.com\/hls\/master.m3u8\"\r\n\r\ndef issue_video_jwt(video_id: str) -> str:\r\n\r\nnow = int(time.time())\r\n\r\nclaims = {\r\n\r\n\"sub\": video_id,\r\n\r\n\"vid\": video_id,\r\n\r\n\"iat\": now,\r\n\r\n\"nbf\": now,\r\n\r\n\"exp\": now + JWT_TTL_SECONDS,\r\n\r\n\"aud\": JWT_AUDIENCE,\r\n\r\n\"iss\": JWT_ISSUER,\r\n\r\n}\r\n\r\nheaders = {\"alg\": \"HS256\", \"typ\": \"JWT\", \"kid\": \"k1\"}\r\n\r\nreturn jwt.encode(claims, JWT_SECRET, algorithm=\"HS256\", headers=headers)\r\n\r\ndef build_signed_url(base_url: str, token: str) -> str:\r\n\r\nreturn f\"{base_url}?{urlencode({'token': token})}\"\r\n\r\ndef extract_token_from_url(url: str) -> str | None:\r\n\r\nq = parse_qs(urlparse(url).query)\r\n\r\nvals = q.get(\"token\")\r\n\r\nreturn vals[0] if vals else None\r\n\r\ndef validate_token(token: str) -> dict:\r\n\r\nreturn jwt.decode(\r\n\r\ntoken,\r\n\r\nJWT_SECRET,\r\n\r\nalgorithms=[\"HS256\"],\r\n\r\naudience=JWT_AUDIENCE,\r\n\r\nissuer=JWT_ISSUER,\r\n\r\noptions={\"require\": [\"exp\",\"iat\",\"nbf\",\"aud\",\"iss\"]},\r\n\r\n)\r\n\r\n# demo run\r\n\r\nvideo_id = \"a1b2c3d4e5f60718293a4b5c6d7e8f90\"\r\n\r\nprint(\"Issuing JWT...\")\r\n\r\ntoken = issue_video_jwt(video_id)\r\n\r\nprint(\"JWT:\", token[:80] + \"...\")\r\n\r\nsigned_url = build_signed_url(PLAY_URL_BASE, token)\r\n\r\nprint(\"\\nSigned URL:\\n\", signed_url)\r\n\r\nprint(\"\\nExtracting token and validating...\")\r\n\r\ntok2 = extract_token_from_url(signed_url)\r\n\r\nclaims = validate_token(tok2)\r\n\r\nprint(\"Valid token. Claims:\")\r\n\r\nfor k, v in claims.items():\r\n\r\nprint(f\"\u00a0 {k}: {v}\")\r\n\r\nrequested_path = \"\/hls\/master.m3u8\"\r\n\r\nif claims.get(\"vid\") == video_id and requested_path.startswith(\"\/hls\/\"):\r\n\r\nprint(\"\\nResource authorization check passed.\")\r\n\r\nelse:\r\n\r\nprint(\"\\nResource authorization check failed.\")\r\n<\/pre>\n
            Response:<\/h3>\n
            \r\nIssuing JWT...\r\n\r\nJWT: eyJhbGciOiJIUzI1NiIsImtpZCI6ImsxIiwidHlwIjoiSldUIn0.eyJzdWIiOiJhMWIyYzNkNGU1ZjYw...\r\n\r\nSigned URL:\r\n\r\nhttps:\/\/example.com\/hls\/master.m3u8?token=eyJhbGciOiJIUzI1NiIsImtpZCI6ImsxIiwidHlwIjoiSldUIn0.eyJzdWIiOiJhMWIyYzNkNGU1ZjYwNzE4MjkzYTRiNWM2ZDdlOGY5MCIsInZpZCI6ImExYjJjM2Q0ZTVmNjA3MTgyOTNhNGI1YzZkN2U4ZjkwIiwidWlkIjoidXNlcl8xMjMiLCJpYXQiOjE3NTU0NDEyMDAsIm5iZiI6MTc1NTQ0MTIwMCwiZXhwIjoxNzU1NDQxNTAwLCJhdWQiOiJ2aWRlby1wbGF5IiwiaXNzIjoiZGVtby1iYWNrZW5kIn0.r7WWIhOScXYE_cQFPBvtJjTE0XEiGyV3LinH1McPOkU\">\u00a0https:\/\/example.com\/hls\/master.m3u8?token=eyJhbGciOiJIUzI1NiIsImtpZCI6ImsxIiwidHlwIjoiSldUIn0.eyJzdWIiOiJhMWIyYzNkNGU1ZjYwNzE4MjkzYTRiNWM2ZDdlOGY5MCIsInZpZCI6ImExYjJjM2Q0ZTVmNjA3MTgyOTNhNGI1YzZkN2U4ZjkwIiwidWlkIjoidXNlcl8xMjMiLCJpYXQiOjE3NTU0NDEyMDAsIm5iZiI6MTc1NTQ0MTIwMCwiZXhwIjoxNzU1NDQxNTAwLCJhdWQiOiJ2aWRlby1wbGF5IiwiaXNzIjoiZGVtby1iYWNrZW5kIn0.r7WWIhOScXYE_cQFPBvtJjTE0XEiGyV3LinH1McPOkU\r\n\r\nExtracting token and validating...\r\n\r\nValid token. Claims:\r\n\r\nsub: a1b2c3d4e5f60718293a4b5c6d7e8f90\r\n\r\nvid: a1b2c3d4e5f60718293a4b5c6d7e8f90\r\n\r\niat: 1755441200\r\n\r\nnbf: 1755441200\r\n\r\nexp: 1755441500\r\n\r\naud: video-play\r\n\r\niss: demo-backend\r\n\r\nResource authorization check passed.\r\n<\/pre>\n
            VdoCipher\u2019s 360\u00b0 Video Protection \u2013 Tokenized URLs + DRM in Action<\/h2>\n
            VdoCipher delivers end-to-end secure video streaming designed to protect premium content against piracy. At the start of its approach is token-based URL authentication powered by short-lived OTP (One-Time Playback) or SHA256 tokens. Every time a video is requested for playback, a unique token is generated via API and appended to the URL.<\/p>\n
            This token acts as a first line of defense, ensuring that only authorized requests, bound to specific video IDs, or IPs, are allowed to move forward. Even if the playback URL is copied or shared, it becomes useless outside its authorized session, since the embedded SHA256 signature cannot be forged without your secret API key.<\/p>\n
            Once the token is validated by VdoCipher\u2019s servers, the request proceeds to the DRM license pipeline (Google Widevine, Apple FairPlay). Here, a second layer of protection kicks in, the DRM license itself, encrypted and device-bound, is issued only to compliant players. This dual-layer design ensures that:<\/p>\n
              \n
            • Tokenized URLs block unauthorized or expired playback attempts at the entry gate.<\/li>\n
            • DRM licenses secure the actual video decryption keys, preventing downloads or screen-scraping attempts.<\/li>\n
            • VdoCipher\u2019s security engine, Analytics, Dynamic watermarking, can further tie playback sessions to individual users, deterring leaks and tracing piracy.<\/li>\n<\/ul>\n
              The result is a 360\u00b0 protection workflow: token-based validation filters requests, DRM locks down the stream itself, and VdoCipher\u2019s security engine with Analytics and Watermarking ensures accountability, making VdoCipher one of the most secure video delivery solutions available.<\/p>\n\n\n\n\n\n\n\n\n\n
              Feature<\/b><\/td>\nWhat It Does<\/b><\/td>\nBenefit to You<\/b><\/td>\n<\/tr>\n
              Short-Lived OTP Tokens<\/td>\nGenerates a unique, time-bound URL for every playback session.<\/td>\nPrevents unauthorized requests.<\/td>\n<\/tr>\n
              Hollywood-Grade DRM<\/td>\nEncrypts videos with Widevine and FairPlay DRM.<\/td>\nKeeps files unusable even if downloaded.<\/td>\n<\/tr>\n
              Security Engine<\/td>\nActs like an updated anti-virus software to check any suspicious activity<\/td>\nBlocks unauthorized access beyond the capabilities of DRM<\/td>\n<\/tr>\n
              Real-Time Analytics<\/td>\nMonitors token usage and playback patterns.<\/td>\nDetects suspicious activity for quick action.<\/td>\n<\/tr>\n
              Dynamic Watermarking<\/td>\nOverlays viewer-specific info during playback.<\/td>\nDeters and traces screen recording leaks.<\/td>\n<\/tr>\n
              Seamless Integration<\/td>\nEasy API\/iframe embed setup.<\/td>\nFast to deploy without complex development.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n
              By combining short-lived tokenized processing, Hollywood-grade DRM encryption, dynamic watermarking, real-time monitoring, hacker identification tool, play integrity, proprietary security engine, VdoCipher offers a proven, production-ready video security solution trusted by education companies, OTT services, and media businesses worldwide.<\/p>\n","protected":false},"excerpt":{"rendered":"
              Token-based URLs, also known as signed URLs or secure streaming tokens, are a powerful tool for protecting video content from unauthorized access and piracy. In the context of video streaming, a token-based URL is a special, time-limited link that grants access to a video only under specific conditions, such as within a certain timeframe, from […]<\/p>\n","protected":false},"author":16,"featured_media":20013,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[226],"tags":[3],"class_list":{"0":"post-20007","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-video-tech","8":"tag-video-security","9":"entry"},"yoast_head":"\nToken-Based URLs & JWT based Authentication Example for Video Protection | What & How<\/title>\n<meta name=\"description\" content=\"Token-based URLs act like temporary, revocable keys for video content. They are foundational for making videos \u201cprivate\u201d or restricted.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.vdocipher.com\/blog\/token-based-urls\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Token-Based URLs & JWT based Authentication Example for Video Protection | What & How\" \/>\n<meta property=\"og:description\" content=\"Token-based URLs act like temporary, revocable keys for video content. They are foundational for making videos \u201cprivate\u201d or restricted.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.vdocipher.com\/blog\/token-based-urls\/\" \/>\n<meta property=\"og:site_name\" content=\"VdoCipher Blog\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/vdociphertech\/\" \/>\n<meta property=\"article:published_time\" content=\"2025-08-28T05:59:36+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-08-28T06:30:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.vdocipher.com\/blog\/wp-content\/uploads\/2025\/08\/token-based-url.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1500\" \/>\n\t<meta property=\"og:image:height\" content=\"675\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Vishal Sharma\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@vdocipher\" \/>\n<meta name=\"twitter:site\" content=\"@vdocipher\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Vishal Sharma\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"10 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.vdocipher.com\/blog\/token-based-urls\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.vdocipher.com\/blog\/token-based-urls\/\"},\"author\":{\"name\":\"Vishal Sharma\",\"@id\":\"https:\/\/www-uat.vdocipher.com\/blog\/#\/schema\/person\/329776cb6c9589f6b377be584ca4d4f9\"},\"headline\":\"Token-Based URLs & JWT based Authentication Example for Video Protection | What & How\",\"datePublished\":\"2025-08-28T05:59:36+00:00\",\"dateModified\":\"2025-08-28T06:30:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.vdocipher.com\/blog\/token-based-urls\/\"},\"wordCount\":2191,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www-uat.vdocipher.com\/blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.vdocipher.com\/blog\/token-based-urls\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.vdocipher.com\/blog\/wp-content\/uploads\/2025\/08\/token-based-url.jpg\",\"keywords\":[\"Video Security\"],\"articleSection\":[\"Video Tech\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.vdocipher.com\/blog\/token-based-urls\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.vdocipher.com\/blog\/token-based-urls\/\",\"url\":\"https:\/\/www.vdocipher.com\/blog\/token-based-urls\/\",\"name\":\"Token-Based URLs & JWT based Authentication Example for Video Protection | What & How\",\"isPartOf\":{\"@id\":\"https:\/\/www-uat.vdocipher.com\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.vdocipher.com\/blog\/token-based-urls\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.vdocipher.com\/blog\/token-based-urls\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.vdocipher.com\/blog\/wp-content\/uploads\/2025\/08\/token-based-url.jpg\",\"datePublished\":\"2025-08-28T05:59:36+00:00\",\"dateModified\":\"2025-08-28T06:30:00+00:00\",\"description\":\"Token-based URLs act like temporary, revocable keys for video content. They are foundational for making videos \u201cprivate\u201d or restricted.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.vdocipher.com\/blog\/token-based-urls\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.vdocipher.com\/blog\/token-based-urls\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.vdocipher.com\/blog\/token-based-urls\/#primaryimage\",\"url\":\"https:\/\/www.vdocipher.com\/blog\/wp-content\/uploads\/2025\/08\/token-based-url.jpg\",\"contentUrl\":\"https:\/\/www.vdocipher.com\/blog\/wp-content\/uploads\/2025\/08\/token-based-url.jpg\",\"width\":1500,\"height\":675,\"caption\":\"token based url\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.vdocipher.com\/blog\/token-based-urls\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www-uat.vdocipher.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Token-Based URLs & JWT based Authentication Example for Video Protection | What & How\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www-uat.vdocipher.com\/blog\/#website\",\"url\":\"https:\/\/www-uat.vdocipher.com\/blog\/\",\"name\":\"VdoCipher Blog\",\"description\":\"Secure Video Streaming\",\"publisher\":{\"@id\":\"https:\/\/www-uat.vdocipher.com\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www-uat.vdocipher.com\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www-uat.vdocipher.com\/blog\/#organization\",\"name\":\"VdoCipher\",\"url\":\"https:\/\/www-uat.vdocipher.com\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www-uat.vdocipher.com\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.vdocipher.com\/blog\/wp-content\/uploads\/2016\/11\/VdoCipher-logo2.png\",\"contentUrl\":\"https:\/\/www.vdocipher.com\/blog\/wp-content\/uploads\/2016\/11\/VdoCipher-logo2.png\",\"width\":1625,\"height\":1925,\"caption\":\"VdoCipher\"},\"image\":{\"@id\":\"https:\/\/www-uat.vdocipher.com\/blog\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/vdociphertech\/\",\"https:\/\/x.com\/vdocipher\",\"https:\/\/www.linkedin.com\/company\/vdocipher\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www-uat.vdocipher.com\/blog\/#\/schema\/person\/329776cb6c9589f6b377be584ca4d4f9\",\"name\":\"Vishal Sharma\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www-uat.vdocipher.com\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/392a4e1ad0a2c7e4c82bde7a7ea60bbb51ea7e77e8185b8c0e2aceb39aa58ccc?s=96&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/392a4e1ad0a2c7e4c82bde7a7ea60bbb51ea7e77e8185b8c0e2aceb39aa58ccc?s=96&r=g\",\"caption\":\"Vishal Sharma\"},\"description\":\"My expertise focuses on DRM encryption, CDN technologies, and streamlining marketing campaigns to drive engagement and growth. At VdoCipher, I've significantly enhanced digital experiences and contributed to in-depth technical discussions in the eLearning, Media, and Security sectors, showcasing a commitment to innovation and excellence in the digital landscape.\",\"url\":\"https:\/\/www.vdocipher.com\/blog\/author\/vishal\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Token-Based URLs & JWT based Authentication Example for Video Protection | What & How","description":"Token-based URLs act like temporary, revocable keys for video content. They are foundational for making videos \u201cprivate\u201d or restricted.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.vdocipher.com\/blog\/token-based-urls\/","og_locale":"en_US","og_type":"article","og_title":"Token-Based URLs & JWT based Authentication Example for Video Protection | What & How","og_description":"Token-based URLs act like temporary, revocable keys for video content. They are foundational for making videos \u201cprivate\u201d or restricted.","og_url":"https:\/\/www.vdocipher.com\/blog\/token-based-urls\/","og_site_name":"VdoCipher Blog","article_publisher":"https:\/\/www.facebook.com\/vdociphertech\/","article_published_time":"2025-08-28T05:59:36+00:00","article_modified_time":"2025-08-28T06:30:00+00:00","og_image":[{"width":1500,"height":675,"url":"https:\/\/www.vdocipher.com\/blog\/wp-content\/uploads\/2025\/08\/token-based-url.jpg","type":"image\/jpeg"}],"author":"Vishal Sharma","twitter_card":"summary_large_image","twitter_creator":"@vdocipher","twitter_site":"@vdocipher","twitter_misc":{"Written by":"Vishal Sharma","Est. reading time":"10 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.vdocipher.com\/blog\/token-based-urls\/#article","isPartOf":{"@id":"https:\/\/www.vdocipher.com\/blog\/token-based-urls\/"},"author":{"name":"Vishal Sharma","@id":"https:\/\/www-uat.vdocipher.com\/blog\/#\/schema\/person\/329776cb6c9589f6b377be584ca4d4f9"},"headline":"Token-Based URLs & JWT based Authentication Example for Video Protection | What & How","datePublished":"2025-08-28T05:59:36+00:00","dateModified":"2025-08-28T06:30:00+00:00","mainEntityOfPage":{"@id":"https:\/\/www.vdocipher.com\/blog\/token-based-urls\/"},"wordCount":2191,"commentCount":0,"publisher":{"@id":"https:\/\/www-uat.vdocipher.com\/blog\/#organization"},"image":{"@id":"https:\/\/www.vdocipher.com\/blog\/token-based-urls\/#primaryimage"},"thumbnailUrl":"https:\/\/www.vdocipher.com\/blog\/wp-content\/uploads\/2025\/08\/token-based-url.jpg","keywords":["Video Security"],"articleSection":["Video Tech"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.vdocipher.com\/blog\/token-based-urls\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.vdocipher.com\/blog\/token-based-urls\/","url":"https:\/\/www.vdocipher.com\/blog\/token-based-urls\/","name":"Token-Based URLs & JWT based Authentication Example for Video Protection | What & How","isPartOf":{"@id":"https:\/\/www-uat.vdocipher.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.vdocipher.com\/blog\/token-based-urls\/#primaryimage"},"image":{"@id":"https:\/\/www.vdocipher.com\/blog\/token-based-urls\/#primaryimage"},"thumbnailUrl":"https:\/\/www.vdocipher.com\/blog\/wp-content\/uploads\/2025\/08\/token-based-url.jpg","datePublished":"2025-08-28T05:59:36+00:00","dateModified":"2025-08-28T06:30:00+00:00","description":"Token-based URLs act like temporary, revocable keys for video content. They are foundational for making videos \u201cprivate\u201d or restricted.","breadcrumb":{"@id":"https:\/\/www.vdocipher.com\/blog\/token-based-urls\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.vdocipher.com\/blog\/token-based-urls\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.vdocipher.com\/blog\/token-based-urls\/#primaryimage","url":"https:\/\/www.vdocipher.com\/blog\/wp-content\/uploads\/2025\/08\/token-based-url.jpg","contentUrl":"https:\/\/www.vdocipher.com\/blog\/wp-content\/uploads\/2025\/08\/token-based-url.jpg","width":1500,"height":675,"caption":"token based url"},{"@type":"BreadcrumbList","@id":"https:\/\/www.vdocipher.com\/blog\/token-based-urls\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www-uat.vdocipher.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Token-Based URLs & JWT based Authentication Example for Video Protection | What & How"}]},{"@type":"WebSite","@id":"https:\/\/www-uat.vdocipher.com\/blog\/#website","url":"https:\/\/www-uat.vdocipher.com\/blog\/","name":"VdoCipher Blog","description":"Secure Video Streaming","publisher":{"@id":"https:\/\/www-uat.vdocipher.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www-uat.vdocipher.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www-uat.vdocipher.com\/blog\/#organization","name":"VdoCipher","url":"https:\/\/www-uat.vdocipher.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www-uat.vdocipher.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.vdocipher.com\/blog\/wp-content\/uploads\/2016\/11\/VdoCipher-logo2.png","contentUrl":"https:\/\/www.vdocipher.com\/blog\/wp-content\/uploads\/2016\/11\/VdoCipher-logo2.png","width":1625,"height":1925,"caption":"VdoCipher"},"image":{"@id":"https:\/\/www-uat.vdocipher.com\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/vdociphertech\/","https:\/\/x.com\/vdocipher","https:\/\/www.linkedin.com\/company\/vdocipher"]},{"@type":"Person","@id":"https:\/\/www-uat.vdocipher.com\/blog\/#\/schema\/person\/329776cb6c9589f6b377be584ca4d4f9","name":"Vishal Sharma","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www-uat.vdocipher.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/392a4e1ad0a2c7e4c82bde7a7ea60bbb51ea7e77e8185b8c0e2aceb39aa58ccc?s=96&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/392a4e1ad0a2c7e4c82bde7a7ea60bbb51ea7e77e8185b8c0e2aceb39aa58ccc?s=96&r=g","caption":"Vishal Sharma"},"description":"My expertise focuses on DRM encryption, CDN technologies, and streamlining marketing campaigns to drive engagement and growth. At VdoCipher, I've significantly enhanced digital experiences and contributed to in-depth technical discussions in the eLearning, Media, and Security sectors, showcasing a commitment to innovation and excellence in the digital landscape.","url":"https:\/\/www.vdocipher.com\/blog\/author\/vishal\/"}]}},"yoast":{"focuskw":"Token-based URLs","title":"%%title%%","metadesc":"Token-based URLs act like temporary, revocable keys for video content. They are foundational for making videos \u201cprivate\u201d or restricted.","linkdex":"69","metakeywords":"","meta-robots-noindex":"","meta-robots-nofollow":"","meta-robots-adv":"","canonical":"","redirect":"","opengraph-title":"","opengraph-description":"","opengraph-image":"","twitter-title":"","twitter-description":"","twitter-image":""},"_links":{"self":[{"href":"https:\/\/www.vdocipher.com\/blog\/wp-json\/wp\/v2\/posts\/20007","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.vdocipher.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.vdocipher.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.vdocipher.com\/blog\/wp-json\/wp\/v2\/users\/16"}],"replies":[{"embeddable":true,"href":"https:\/\/www.vdocipher.com\/blog\/wp-json\/wp\/v2\/comments?post=20007"}],"version-history":[{"count":7,"href":"https:\/\/www.vdocipher.com\/blog\/wp-json\/wp\/v2\/posts\/20007\/revisions"}],"predecessor-version":[{"id":20016,"href":"https:\/\/www.vdocipher.com\/blog\/wp-json\/wp\/v2\/posts\/20007\/revisions\/20016"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.vdocipher.com\/blog\/wp-json\/wp\/v2\/media\/20013"}],"wp:attachment":[{"href":"https:\/\/www.vdocipher.com\/blog\/wp-json\/wp\/v2\/media?parent=20007"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.vdocipher.com\/blog\/wp-json\/wp\/v2\/categories?post=20007"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.vdocipher.com\/blog\/wp-json\/wp\/v2\/tags?post=20007"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}