MP2 (Media Protection Platform)
Configuration
General settings
Engage kit restrictions

Restricting Access to Engage Kit Assets

The Engage Kit consists of auto-generated assets that can be made public and used depending on the access policy. Specifically:

  • Video Content: Generates miniatures and a short video preview.
  • Image Content: Generates a miniature blurred image.
  • Audio Content: No engage kit is generated.

To secure your Engage Kit assets such as videoPreviews and snapshots, you can configure access policies at the project level. There are three types of access policies:

  1. Unsigned: This policy allows anyone to access the Engage Kit without any validation.
  2. Restricted: This policy ensures that the Engage Kit is only available to be used within our platform and is not accessible by the public.
  3. Signed: This policy requires URL signing to access the Engage Kit. This option is evaluated on a per-case basis and is usually not used. Please contact our support team to enable this feature.
ℹ️

If you are not going to display the Engage Kit contents in public areas without any authorization needed, we encourage you to use the Restricted policy.

Managing Engage Kit Access Policy via API

You can manage the Engage Kit access policy through the Fastevo API. This includes setting and retrieving the current access policy.

Setting the Engage Kit Access Policy

To set the Engage Kit access policy, you need to perform a PUT request to the following endpoint:

PUT https://api.fastevo.net/api/v1/projects/mediaProtection/configurations/general/engageKitAccessPolicy
{
  "engageKitAccessPolicy": "{policy}"
}

Replace {policy} with one of the following values:

  • unsigned
  • restricted
  • signed (Note: Signed access is currently not available by default. Please contact our support team to enable this feature on a case-by-case basis.)

Example Request to Set Policy to Unsigned

PUT https://api.fastevo.net/api/v1/projects/mediaProtection/configurations/general/engageKitAccessPolicy
{
  "engageKitAccessPolicy": "unsigned"
}

Example Request to Set Policy to Restricted

PUT https://api.fastevo.net/api/v1/projects/mediaProtection/configurations/general/engageKitAccessPolicy
{
  "engageKitAccessPolicy": "restricted"
}

Retrieving the Current Engage Kit Access Policy

To retrieve the current Engage Kit access policy, you need to perform a GET request to the following endpoint:

GET https://api.fastevo.net/api/v1/projects/mediaProtection/configurations/general/engageKitAccessPolicy

Example Response

{
  "engageKitAccessPolicy": "unsigned"
}

Signing Signed Access Engage Kit

To configure signed access, you need to set up a Public Signing Key at the project level. This key pair is generated by us and provided to you. You will configure the Public Signing Key with us and we will provide you with the Private Key Pair ID. Keep this ID secret as it will be used to sign the URLs. This process is similar to AWS CloudFront URL signing.

⚠️

Signed access is currently not available by default. Please contact our support team to enable this feature on a case-by-case basis.

Code Samples

import { getSignedUrl } from "@aws-sdk/cloudfront-signer";
import fs from 'fs/promises';
 
const signCloudfrontUrlAndReturnUrl = async (urlToSign, privateKeyPath, keyPairId, expiresIn = 86400) => {
  const privateKey = await fs.readFile(privateKeyPath);
 
  const signingParams = {
    url: urlToSign,
    dateLessThan: new Date(Date.now() + expiresIn * 1000),
    keyPairId: keyPairId,
    privateKey: privateKey,
  };
 
  return getSignedUrl(signingParams);
};
 
const urlToSign = '<Url to sign>';
const privateKeyPath = '<Path to private key.pem>';
const keyPairId = '<Private Key Pair Id>';
 
signCloudfrontUrlAndReturnUrl(urlToSign, privateKeyPath, keyPairId)
  .then(signedUrl => console.log(signedUrl))
  .catch(err => console.error(err));

Remember to replace <Private Key Pair Id> with your actual Private Key Pair Id and <Path to private key.pem> with the actual path to your private key file.

By signing the URLs, you can ensure that only authorized users have access to your Engage Kit contents. (some note here)

Generating a Key Pair

To generate a key pair, you can use the OpenSSL command-line tool. Here's how:

openssl genpkey -algorithm RSA -out private_key.pem -pkeyopt rsa_keygen_bits:2048
openssl rsa -pubout -in private_key.pem -out public_key.pem

The first command generates a 2048-bit RSA private key and saves it to a file named private_key.pem. The second command generates the corresponding public key and saves it to a file named public_key.pem.

You will provide us with the public key (public_key.pem), and we will provide you with the Private Key Pair ID. Keep your private key (private_key.pem) and the Private Key Pair ID secret.

CallbacksTranscoding