Livestream is updating its live HLS video delivery to enhance security and prevent unauthorized playback. Some API integrations, however, will not be compatible with these updates. This guide serves as both an explanation of the changes and recommendations for remedy.
The API serves an m3u8 property on the video object that provides an HLS playlist. Clients are expected to provide this URL directly to their users, and as such, it is protected with a secure token that does not expose the API key.
If your integration resembles this architecture, then no further action on your part is required. The security update is unlikely to affect you.
In contrast, some customers may be proxying the contents of the HLS playlist, rather than providing direct access to the m3u8 URL. In this case, they are retrieving the HLS playlist from Livestream, and re-broadcasting its contents using their own infrastructure.
Our enhanced security measures, however, will no longer make this approach possible. In the near future, the contents of the HLS playlist will be session-specific, and will not be shareable.
To resolve this, we are urging our customers to update their implementations, and provide the m3u8 URL directly to their users (as described in Diagram 1). This approach is safe and efficient, and allows our customers to take advantage of continual improvements to delivery and security.
A Note about Rate Limits
The m3u8 endpoint is rate-limited, along with other Livestream API endpoints. Since every video playback session will make a call to this endpoint, it's important to check your current throughput and determine if you will exceed your Livestream API rate limit. If you believe this will be a problem, please reach out to your account manager.
A PDF of this article is available for download below.