Token-based authentication is a technique that authenticates the users who attempt to connect to a server, a network, or some other system, using a security token provided by the server.
An authentication is successful if a user can prove that they are a valid user by passing a security token. The service validates the security token and processes the user request.
After the token is validated by the service, it is used to establish security context for the client, so the service can make authorization decisions or audit activity for successive user requests.
One of Revma’s features is listener access upon authentication. With this feature, authenticated users will be handled differently than the non-authenticated ones.
How it works:
To create an authenticated URL for listeners, developers need to call an API with a secret service Token (used only for server side calls). Each URL is valid for a few hours and after its expiration, the URL will no longer be authenticated. Once a listener connects, they can audition the stream with no limit to the duration of the session, but after the URL expires, the listener will need a new URL to connect to.
Account administrators in Revma will need to set the appropriate actions and rules at the ‘Session Rules’ tab.
Example #1
For stream “sxfa973t8d”: Authenticated listeners will be granted access to the stream, while non-authenticated listeners will be denied access to the stream.
The API call:
https://www.revma.com/api/stations/<stream_name>/private_stream_token
Sample API call for stream “sxfa973t8d”:
GET request
URL: https://www.revma.com/api/stations/sxfa973t8d/private_stream_token
Header: 'x-auth-token’: <API Service Token>
Setup in the Revma portal:
Go to ‘Session Rules’ on the account level.
Create a ‘Continue' action.
Create a ‘Drop’ action.
Create a rule with priority set to ‘0'. Set ‘AUTH’ as ‘Source Type’. Connect the rule with the stream ‘sxfa973t8d’ and with the Continue action 'Authenticated-Listeners-Access’.
Create an addtional rule with priority set to ‘5'. Set ‘Any Source’ as ‘Source Type’. Connect the rule with the stream ‘sxfa973t8d’ and with the ‘Drop' action 'Drop-Non-Authenticated-Listeners’.
Listeners trying to connect via the authenticated stream URL (https://stream.rcs.revma.com/sxfa973t8d?rj-auth=AAABchr-ygh1c2VyAHN4ZmE5NzN0OGRydXYAb) will be granted access to the stream.
Listeners trying to connect via the non-authenticated stream URL (https://stream.rcs.revma.com/sxfa973t8d) will be denied access to the stream.
Example #2
For stream “sxfa973t8d”: Authenticated listeners will be granted access to audition an ad-free version of the stream, while non-authenticated listeners will be granted access to the stream with ads.
The API call:
https://www.revma.com/api/stations/<stream_name>/private_stream_token
Sample API call for stream “sxfa973t8d”:
GET request
URL: https://www.revma.com/api/stations/sxfa973t8d/private_stream_token
Header: 'x-auth-token’: <API Service Token>
Setup in the Revma portal:
Go to ‘Session Rules’ on the account level.
Create a ‘Continue Action’.
Create a ‘Vast’ action.
Create a rule with priority set to ‘0'. Set ‘AUTH’ as ‘Source Type’. Connect the rule with the stream ‘sxfa973t8d’ and with the ‘Continue’ action 'Authenticated-Listeners-Access’.
Create an addtional rule with priority set to ‘5'. Set ‘Any Source’ as ‘Source Type’. Connect the rule with the stream ‘sxfa973t8d’ and with the ‘Vast' action 'Vast-Ads-for-non-authenticated-listeners’.
Listeners trying to connect via the authenticated stream URL (https://stream.rcs.revma.com/sxfa973t8d?rj-auth=AAABchr-ygh1c2VyAHN4ZmE5NzN0OGRydXYAb) will be granted access to the ad-free version of the stream.
Listeners trying to connect via the non-authenticated stream URL (https://stream.rcs.revma.com/sxfa973t8d) will be granted access to the version of the stream with ads.