All Documents
Current Document

Content is empty

If you don't find the content you expect, please try another search term

Documentation

Push stream access

Last updated:2020-11-30 16:12:55

Authentication methods

Simple authentication

Kingsoft Cloud supports simple authentication for anti-leeching with MD5. To use this service, contact technical support to enable it.

Example of stream pushing

rtmp://uniquename.uplive.ks-cdn.com/live/streamname?t=1560096763&k=7197d55ace73b7d8

Parameter description

Parameter Description
t A 10-digit UNIX timestamp denoting the expiration time. It is the number of seconds past since January 1, 1970.
k A string of 16 characters in the center (that is, the 9th to the 24th characters) of the result of calculation by using the MD5 algorithm. It consists of digits (0 to 9) and lowercase letters (a to z).

Authentication method

When the origin server receives a request, it first compares the t parameter with the current time. If t is earlier than the current time, the request is considered as having expired, and the server returns an HTTP 403 error. If t is later than the current time, the server constructs a same string from the parameters. Then, the origin server uses the MD5 algorithm to calculate a hash value from the string, and compares the hash value with the value of k. If the hash value is identical to the value of k, the authentication is successful. Otherwise, the authentication failed and an HTTP 403 error is returned.

Anti-leeching algorithm

The hash value is the 16 characters in the center (the 9th to 24th characters) of the MD5 value calculated by using the MD5 algorithm (secret key + stream name + parameter t).

Illustration

  1. The key is set by the user and contains at most 32 characters, including digits and case-sensitive letters. In this example, the key is 123456.

  2. Live stream pushing URL

    rtmp://yourdomain.com/live/stream?t=1560096712&k=4f88e741140240e2

    The value of the timestamp parameter t is set to 1560096712.

  3. The server calculates the hash value:

tmp_md5=md5(123456stream1560096712)=c628321f4f88e741140240e2e5c5bd90 The 16 characters in the center, that is, 4f88e741140240e2, are taken to be the hash value.

The hash value is identical to the value of k in the URL, which is 4f88e741140240e2, and therefore the authentication is successful. If the hash value does not match the value of k, access is denied.

[External authentication]

You can also use your own authentication server and algorithms for authentication. To use this service, contact technical support to enable it.

Example of stream pushing

rtmp://uniquename.uplive.ks-cdn.com/live/stream?token=3dKBiljAauSbh

After external authentication is enabled, the token carried in the push stream address is the user-defined authentication string. Kingsoft Cloud allows you to access your own authentication server through POST requests.

IP address blacklist and whitelist

Kingsoft Cloud allows you to configure the IP address whitelist and blacklist based on domain names. You can add both individual IP addresses and CIDR blocks to the whitelist and blacklist. CIDR blocks must be converted to masks before being added to the whitelist or blacklist. Contact technical support to enable this service.

Live stream pushing and pulling

Stream pushing over RTMP

You can use this service to submit a request for pushing a live stream over RTMP. The result of the request is returned in _result in AMF format.

Sample request

rtmp://uniquename.uplive.ks-cdn.com/live/stream?signature=vU9XqPLcXd3nWdlfLWIhruZrLAM%3D&accesskey=P3UPCMORAFON76Q6RTNQ&expire=1436976000[&nonce=4e1f2519c626cbfbab1520c255830c26]

Status codes

Code Subcode Description
0 0 Publish Success (Stream pushed successfully.)
1 0 Non-Exist Publish Domain (Invalid ingest domain name.)
2 0 Non-Exist Application (The app name does not exist.)
3 0 Already Exist Stream Name (A stream with the same name already exists.)
4 0 Forbidden By Blacklist (Rejected because the stream name is blacklisted.)
5 0 Authentication Failed (Authentication failed due to unknown reasons.)
5 1 Accesskey Or Signature Not Exist (Authentication failed because one or more authentication parameters are missing.)
5 2 URL Expired (Authentication failed because the signature has expired.)

Request details

Connect

(Invoke) "publish"
(Transaction ID) 1.0
(Object1) {
app: "app",
flashVer: "MAC 10,2,153,2",
swfUrl: null,
tcUrl:"rtmp://*.uplive.ks-cdn.com/live/stream?signature=vU9XqPLcXd3nWdlfLWIhruZrLAM%3D&accesskey=P3UPCMORAFON76Q6RTNQ&expire=1436976000[&nonce=4e1f2519c626cbfbab1520c255830c26]",
fpad: false,
capabilities: 9947.75 ,
audioCodecs: 3191,
videoCodecs: 252,
videoFunction: 1,
pageUrl: null,
objectEncoding: 3.0 }

Result

(Invoke) "_result"
(Transaction ID) 1.0
(Object2){ 
code: 0,
subCode: 0,
description: "Publish Success"}

Stream pulling over RTMP

You can use this service to submit a request for playing an RTMP live stream.

Sample request

rtmp://***.rtmplive.ks-cdn.com/live/stream

Status codes

Code SubCode Description
0 0 Play Success (Stream pulled successfully)
1 0 Non-Exist Play Domain (Invalid streaming domain name.)
2 0 Non-Exist Application (The app name does not exist.)
3 0 Non-Exist Stream Name(The stream name does not exist.)

Request details

Connect

(Invoke) "play"
(Transaction ID) 1.0
(Object1) {
app: "app",
flashVer: "MAC 10,2,153,2",
swfUrl: null,
tcUrl:"rtmp://*.rtmplive.ks-cdn.com/live/stream",
fpad: false,
capabilities: 9947.75 ,
audioCodecs: 3191,
videoCodecs: 252,
videoFunction: 1,
pageUrl: null,
objectEncoding: 3.0 }

Result

(Invoke) "_result"
(Transaction ID) 1.0
(Object2){ 
code: 0,
subCode: 0,
description: "Play Success"}

Stream pulling over HLS

You can use this service to submit an HLS request in the format of GET /live/stream/index.m3u8.

HLS domain name: By default, the HLS domain name is in the format of stream name.m3u8. If you need to use an HLS domain name in the format of stream_name/playlist.m3u8, contact technical support to enable it.

Sample request

GET /live/stream/index.m3u8 HTTP/1.1 
Host: ***.hlslive.ks-cdn.com 
Date:Wed, 28 Oct 2009 22:32:00 GMT

Sample success response

HTTP/1.1 200 OK Content-Length: length 
Content-Type: text/plain 
Date:Wed, 28 Oct 2009 22:32:00 GMT 
Server: Nginx

#EXTM3U  
  #EXT-X-VERSION:3  
  #EXT-X-MEDIA-SEQUENCE:0 
#EXT-X-TARGETDURATION:2  
  #EXTINF:2.000,
  172278810.ts  
#EXTINF:2.000,
  172458810.ts  
  #EXTINF:1.315,
  172638810.ts

Sample error responses

  1. Authentication failed.
    HTTP/1.1 403 Forbidden
    Content-Length: length
    Content-Type: text/plain
    Date: Wed, 28 Oct 2009 22:32:00 GMT
    Server: Nginx     
    <?xml version="1.0" encoding="UTF-8"?>
    <Error>
    <code>AuthencationFailed</code>
    <Message>Non Exist Signature or Accesskey</Message>
    </Error>
  2. The app name does not exist.
    HTTP/1.1 403 Forbidden
    Content-Length: length
    Content-Type: text/plain
    Date: Wed, 28 Oct 2009 22:32:00 GMT
    Server: Nginx 
    <?xml version="1.0" encoding="UTF-8"?>
    <Error>
    <code>NonExistApplication</code>
    </Error>
  3. The stream name does not exist.
    HTTP/1.1 403 Forbidden
    Content-Length: length
    Content-Type: text/plain
    Date: Wed, 28 Oct 2009 22:32:00 GMT
    Server: Nginx   
    <?xml version="1.0" encoding="UTF-8"?>
    <Error><code>NonExistStreamName</code>
    </Error>

    Error message description

Error Description
AuthencationFailed Authentication failed.
NonExistApplication The app name does not exist.
ExistStreamName A push stream with the same name already exists.

FLV stream pulling over HTTP

Sample request

GET /live/stream.flv HTTP/1.1
Host: ***.hdllive.ks-cdn.com
Date:Wed, 28 Oct 2009 22:32:00 GMT

Sample error response

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Type: video/x-flv
Connection: close
Expires: -1
Pragma: no-cache

[Media Data]
On this page
Pure ModeNormal Mode

Pure Mode

Click to preview the document content in full screen
Feedback