C# Sample Code​ for VdoCipher OTP Generation

In this example, the sample videoID is 1234567890, and the API Secret Key is a1b2c3d4e5. The time-to-live for OTP validity is set to 300s in the sample code. You can reference the API documentation for more info.

var client = new RestClient("https://dev.vdocipher.com/api/videos/1234567890/otp");
var request = new RestRequest(Method.POST);
request.AddHeader("Accept", "application/json");
request.AddHeader("Content-Type", "application/json");
request.AddHeader("Authorization", "Apisecret a1b2c3d4e5");
request.AddParameter("undefined", "{\n\t\"ttl\":300\n}", ParameterType.RequestBody);
IRestResponse response = client.Execute(request);

The controller makes an API request to VdoCipher API to get authorized data about the upload. View file creates the HTML form required for uploading data. Note that the HTML form is only for illustration. You need to hide the extra input fields and perhaps use one of the better javascript libraries (angularjs, jquery or standalone, etc.) for video upload to make user flow better according to rest of your website.

https://gist.github.com/vibhavsinha/cb35c43b874e52c69dd2

After the video is uploaded, it is not ready instantly. Do not load the player immediately. Use the API to query when video is ready and only then render the video player. The API for querying video status is described in the API reference as videos.

FAQs

How to protect your C# video streaming on the backend?

The security integration of video streaming, like multi-DRM, is not directly available for C# use. The easiest solution would be to use a secure video streaming service provider like VdoCipher and integrate with their APIs compatible with the C# backend.

How to secure API in C#?

API gets used as a documented method of interacting with other services, and that is why there is no exact answer to the question, but applying OAuth and using a shared secret along with the request made can work as generic solutions.

Is C# vulnerable to Video Security lapses?

No, it has nothing to do with video security, as videos get secured through cloud encoding and global distribution via a dynamic key exchange mechanism.

The post C# sample API for video upload from browser to VdoCipher appeared first on VdoCipher Blog.

Vdocipher video in asp.net: controller view and config files

https://gist.github.com/vibhavsinha/c82239fea15888afd75b

Do not save API Secret in the code

API secret is a key which gives your website authority to generate access tokens (OTPs) for video playback. This secret key can also be used to upload, delete videos in your vdocipher account. Hence, it should not be hard-coded in the application. It should be kept as an app secret. In the above example, it has been added to the web.config file which is not the recommended method. Please read this official article on best practices of saving secret keys in ASP.NET.

Complete code

Download the complete sample application from the Github.

Adding watermark to the videos

Watermark can be added when generating the OTP in the controller file. Please read this article on structuring your watermark and a sample code. The watermark has to be URLencoded and sent as a post data. You shall need to change around line 33 to send annotation information. Let us know if you find any trouble with the watermark setup.

A note about caching

OTP generated here is temporary. You can not cache this OTP and send it to multiple users as it might cause trouble. The OTP once used gets expired and can no longer be used to play video. Some extensions might try to automate the page rendering and especially when on pages which do not need login. The configuration must be set to make sure pages with embedded videos are not cached and cause error while playback.

For reference about how everything works, please check API reference.

Do let us know about your experiences setting up your secure video in asp.net to create your own PPV or subscription-based video portal. and how we can make the integration simpler.

The post Code to embed vdocipher video in ASP.NET MVC with C# appeared first on VdoCipher Blog.

We use Amazon AWS storage to store original user videos securely in AWS S3. With an intent to automate their online business, many of our customers wish to allow their users to upload videos directly from their website. To enable this, we have an API call that returns an authenticated policy document which is used video upload into a S3 bucket allotted to your account.

Step 1 (Obtain authorized access):

Create authorized video upload request with your API secret key.

Request
Endpoint: https://dev.vdocipher.com/api/videos?title=videotitile
Method: PUT
HEADER: Authorization: Apisecret a1b2c3e4e5d6

Response
Content-Type: application/json
"clientPayLoad":{
 "policy":
 "key":
 "x-amz-signature": ,
 "x-amz-algorithm": ,
 "x-amz-date": ,
 "x-amz-credential": ,
 "policy":  ,
 "upload_link_secure": ,
}
"video_id":

The API call has returned a set of parameters that must go with the video upload call to the AWS S3 endpoint. We shall refer to this JSON object returned above as uploadData.

The policy document is valid only for the next 1 hour. It is recommended to make the video upload immediately after creating the authorized access. There is also a soft restriction on the number of upload calls every hour, so it is advised to create it only after the user has chosen to upload the video. It should not be made every time somebody loads their dashboard or mobile app.

This call must be made from a secure environment such as your server. This should not be called from a mobile device or the browser to protect your API key. The uploadData should then be passed to user’s device (mobile or browser) to do the file upload.

Step 2 (Video upload via S3 API):

Upload the file to amazon s3 directly. This upload can be made using server code or using an HTML5 form. You can use any third party upload library to make the upload script. The famous ones already have tutorials on setting it up with S3 upload.

application Request
Endpoint: https://{bucket}.s3.amazonaws.com/
Method: POST
Form-Data:
 'x-amz-credential': uploadData['x-amz-credential'],
 'x-amz-algorithm': uploadData['x-amz-algorithm'],
 'x-amz-date' : uploadData['x-amz-date'],
 'x-amz-signature': uploadData['x-amz-signature'],
 'key' : uploadData['key'],
 'policy' : uploadData['policy'],
 'success_action_status' : 201,
 'success_action_redirect' : 'http://example.com'
 'file': <file content>

• upload_link_secure string – The vdocipher storage location on S3 that has been allocated for this file
• x-amz-credential string – These must be accompanied in the upload request.
• x-amz-algorithm string
• x-amz-date string
• x-amz-signature string – A signature value that authorizes the form and proves that only vdocipher could have created it.
• key string – A name for the S3 object that will store the uploaded file’s data
• policy string – authorization string
• success_action_status integer – The status code returned upon successful upload if success_action_redirect is not specified.
• success_action_redirect string – Specifies if to redirect to a URL after a successful post instead of issuing a 201. Set this to an empty string if you do not want to redirect to a specific page.

If everything goes right, the response from the above request should be:

Response
<?xml version="1.0" encoding="UTF-8"?>
<PostResponse>
  <Location>https://{{bucket}}.s3.amazonaws.com/orig%2F5555555555555</Location>
  <Bucket>vdo-ap-southeast</Bucket><Key>orig/5555555555555</Key>
  <ETag>xxxxxxxxxxxxxxxxxx</ETag>
</PostResponse>

You can ignore the content of this response. Now, the video status should be shown as Queued or Processing in the API or on your dashboard. The video will get processed after some time. You can poll the API or configure the web hooks(coming soon) to know the time when video is ready. You should only load the video player if the video is ready.

Some sample code for the above operations:

• PHP
• C#

The complete VdoCipher API reference for Server APIs, player embedding and player customizations can be accessed through the API page. You can use VdoCipher API v3 to build a workflow around your video website as suggested in this blog.

The post Video upload from website or server to VdoCipher API appeared first on VdoCipher Blog.

https://gist.github.com/vibhavsinha/8029efcf0b66016f8040

The code should work out of the box after extracting inside PHP running server and replacing secret_key and video_id.

The structure of annotation JSON is described in the link : Add text to videos with watermark

For other API and details, check out documentation or contact us directly at info@vdocipher.com.

The post ASP.NET implementation of VdoCipher API appeared first on VdoCipher Blog.

https://gist.github.com/vibhavsinha/ffae3259b43647e85829

The code should work out of the box after extracting inside ASP server and replacing secret_key and video_id.

The structure of annotation JSON is described in the link : Add text to videos with watermark

The post ASP implementation of VdoCipher API appeared first on VdoCipher Blog.