Stream Publisher Authentication

Stream Publisher Authentication

ScaleEngine stream publisher authentication allows users to restrict who can publish to their streams, by requiring username and passwords for every publish connection. This is provided by a username and password embedded in the encoder connection URL.

These controls are available in the control panel, or programatically through our API.

Stream Publisher Authentication API documentation .

Etymology of a ScaleEngine URL

Example encoder URL for an account named "example"

protocol |   origin hostname       | application | inst |       URL parameters
    rtmp://example-origin.secdn.net/example-origin/live?user=alice&pass=$2a$10$6DZSJE1bMCVuXdwL2PinBe.lt02euSal3uyQ6urQ7en6JkZXsKYvS

Encoder connection URLs are provided in 2 parts, with the stream name separated. Most encoders want the stream name separate, although they may call it a "stream key" or a "stream ID". Other encoders that want only one part, will want you to add the stream name to the end of the URL, separated by a forward slash (/).

Example of an encoder connection URL for an encoder that expects only one field: (for a stream named "streamname")

rtmp://example-origin.secdn.net/example-origin/live?user=alice&pass=$2a$10$6DZSJE1bMCVuXdwL2PinBe.lt02euSal3uyQ6urQ7en6JkZXsKYvS/streamname

The URL parameters are separated by an ampersand (&). In the example, you can see we have 2 parameters:

  • user=alice
  • pass=$2a$10$6DZSJE1bMCVuXdwL2PinBe.lt02euSal3uyQ6urQ7en6JkZXsKYvS

Those are the parameters for connecting to the stream. If those parameters are not present, the connection will be rejected.

These settings can be updated on the stream management page. The URL you are given contains the hashed version of the password you enter. If your encoder has a length restriction, doesn't allow pasting URLs, or won't accept the "$" character, you can use the plaintext of the password instead:

rtmp://example-origin.secdn.net/example-origin/live?user=alice&pass=password

Note that on the stream management page, only the hashed version of the password is available, if you require the plaintext version and have forgotten it, you will need to update the settings with a new password.

If you have an encoder that does not accept special characters, you can disable authentication altogether.

With authentication disabled you still must create the stream name and provide this name as usual. Attempting to connect with the wrong stream name will not work.