Autenticare le richieste di manifest del pod di annunci

Per l'inserimento di annunci guidato dal server, la tua app effettua una richiesta di file manifest del pod di annunci. Per saperne di più, consulta Generare l'URL del file manifest del pod di annunci.

Questa pagina spiega come autenticare le richieste di file manifest del pod utilizzando i token HMAC (Hash-Based Message Authentication Code).

Prima di iniziare

Prima di continuare, completa queste operazioni:

Generare un token HMAC

Per generare un token:

  1. Raccogli il percorso e i parametri di query (tranne auth-token) compilati per la richiesta di file manifest del pod. Per un elenco completo, consulta Metodo: file manifest del pod HLS o Metodo: file manifest del pod DASH.

  2. Combina le stringhe di chiave e valore dei parametri. Devi ordinare i parametri in ordine alfabetico e separarli con il carattere tilde ~, ad esempio:

    ad_break_id=AD_BREAK_ID~custom_asset_key=CUSTOM_ASSET_KEY~exp=EXPIRATION~network_code=NETWORK_CODE~pd=POD_DURATION

  3. Calcola un hash SHA-256 della stringa del token utilizzando la chiave di autenticazione DAI.

  4. Formatta l'output dell'hash in formato esadecimale.

  5. Per firmare la stringa del token, aggiungi la firma alla fine dei parametri raccolti in precedenza:

    ad_break_id=...~hmac=HMAC_SIGNATURE`

    Sostituisci HMAC_SIGNATURE con la firma generata eseguendo l'hashing della stringa del token utilizzando la chiave di autenticazione DAI.

  6. Per trasmettere in modo sicuro la stringa del token firmata, applica la codifica URL alla stringa del token firmata.

L'esempio seguente genera il valore con codifica URL di una stringa del token firmata:

HLS 

# Add 60 seconds to the current time
future_epoch=$((EPOCHSECONDS + 60))

echo "Current: $EPOCHSECONDS"
echo "Future: $future_epoch"
# Current: 1774464277
# Future: 1774464337

# Sample DAI pod resource authentication key
key="EB089..."

# Sort parameters in the token string
token="ad_break_id=ab-001~custom_asset_key=hls-pod-serving-manifest-auth-stream-pod~exp=1774464337~network_code=21775744923~pd=30000"

# Generate the token's signature.
echo -n $token | openssl dgst -sha256 -mac HMAC -macopt key:$key

# SHA2-256(stdin)= 68ce65522e0b5f0b4e9a842a0a300e5cba8d14502268b18f66619abcc4dc016e

# Sign the token: ad_break_id=ab-001~custom_asset_key=hls-pod-serving-manifest-auth-stream-pod~exp=1774464337~network_code=21775744923~pd=30000~hmac=68ce65522e0b5f0b4e9a842a0a300e5cba8d14502268b18f66619abcc4dc016e

# Encode the token:
ad_break_id%3Dab-001~custom_asset_key%3Dhls-pod-serving-manifest-auth-stream-pod~exp%3D1774464337~network_code%3D21775744923~pd%3D30000~hmac%3D68ce65522e0b5f0b4e9a842a0a300e5cba8d14502268b18f66619abcc4dc016e

DASH 

# Add 60 seconds to the current time
future_epoch=$((EPOCHSECONDS + 60))

echo "Current: $EPOCHSECONDS"
echo "Future: $future_epoch"
# Current: 1774464770
# Future: 1774464830

# Sample DAI pod resource authentication key
key="EB08..."

# Assemble parameters in the token string
token="ad_break_id=ab-001~custom_asset_key=dash-pod-serving-manifest-auth-stream-pod~exp=1774464830~network_code=21775744923~pd=30000"

# Generate the token's signature.
echo -n $token | openssl dgst -sha256 -mac HMAC -macopt key:$key

# SHA2-256(stdin)= 51ce9544b2f04a27d5a818bd982c262f97b7bc64d9e8ea07d13ae73e04062614

# Sign the token: ad_break_id=ab-001~custom_asset_key=dash-pod-serving-manifest-auth-stream-pod~exp=1774464830~network_code=21775744923~pd=30000~hmac=51ce9544b2f04a27d5a818bd982c262f97b7bc64d9e8ea07d13ae73e04062614

# Encode the token: ad_break_id%3Dab-001~custom_asset_key%3Ddash-pod-serving-manifest-auth-stream-pod~exp%3D1774464830~network_code%3D21775744923~pd%3D30000~hmac%3D51ce9544b2f04a27d5a818bd982c262f97b7bc64d9e8ea07d13ae73e04062614

Autenticare una richiesta di file manifest del pod

Per autenticare le richieste di file manifest del pod, utilizza il parametro della stringa di query auth-token per trasmettere il token HMAC firmato con codifica URL.

HLS

L'esempio seguente utilizza un token HMAC per autenticare una richiesta di file manifest del pod HLS:

curl --include "https://dai.google.com/linear/pods/v1/hls/network/21775744923/custom_asset/hls-pod-serving-manifest-auth-stream-pod/ad_break_id/ab-001.m3u8?stream_id=381c29ff-9015-4f9f-8a43-e2e13822473a:ATL&pd=30000&auth-token=ad_break_id%3Dab-001~custom_asset_key%3Dhls-pod-serving-manifest-auth-stream-pod~exp%3D1774464337~network_code%3D21775744923~pd%3D30000~hmac%3D68ce65522e0b5f0b4e9a842a0a300e5cba8d14502268b18f66619abcc4dc016e"

Se l'operazione va a buon fine, viene visualizzata la seguente risposta:

...
< HTTP/2 200
< vary: Accept-Encoding
<
#EXTM3U
#EXT-X-VERSION:3
#EXT-X-MEDIA:TYPE=AUDIO,URI="https://dai.google.com/linear/pods/v1/hls/event/o35L8Xl8TFa2naph5beXsw/ab_break_id/ab-001/profile/fmp4-audio-128kbps.m3u8?pd=30000&stream_id=9331d770-ae82-460a-96d4-b971eb6f8fa0%3ADLS",GROUP-ID="AUDIO",NAME="mp4a.40.2-0",DEFAULT=YES
#EXT-X-STREAM-INF:BANDWIDTH=1268994,RESOLUTION=1280x720,CODECS="avc1.64001e,mp4a.40.2",AUDIO="AUDIO"
https://dai.google.com/linear/pods/v1/hls/event/o35L8Xl8TFa2naph5beXsw/ad_break_id/ab-001/profile/Video-1200k.m3u8?pd=30000&stream_id=9331d770-ae82-460a-96d4-b971eb6f8fa0%3ADLS
#EXT-X-STREAM-INF:BANDWIDTH=5114591,RESOLUTION=1280x720,CODECS="avc1.4d401f,mp4a.40.2",AUDIO="AUDIO"
...

Per comprendere la struttura della risposta e i codici di stato, consulta Metodo: file manifest del pod HLS.

Se l'autenticazione non riesce, viene visualizzato x-ad-manager-dai-warning:

...
< HTTP/2 200
< x-ad-manager-dai-warning: Unable to create ad break due to Unauthorized error (skipping ad break creation)
....
<
#EXTM3U
#EXT-X-VERSION:3
#EXT-X-MEDIA:TYPE=AUDIO,URI="https://dai.google.com/linear/pods/v1/hls/event/o35L8Xl8TFa2naph5beXsw/ad_break_id/ab-001/profile/fmp4-audio-128kbps.m3u8?pd=30000&stream_id=381c29ff-9015-4f9f-8a43-e2e13822473a%3AATL",GROUP-ID="AUDIO",NAME="mp4a.40.2-0",DEFAULT=YES
#EXT-X-STREAM-INF:BANDWIDTH=1268994,RESOLUTION=1280x720,CODECS="avc1.64001e,mp4a.40.2",AUDIO="AUDIO"
https://dai.google.com/linear/pods/v1/hls/event/o35L8Xl8TFa2naph5beXsw/ad_break_id/ab-001/profile/Video-1200k.m3u8?pd=30000&stream_id=381c29ff-9015-4f9f-8a43-e2e13822473a%3AATL
#EXT-X-STREAM-INF:BANDWIDTH=5114591,RESOLUTION=1280x720,CODECS="avc1.4d401f,mp4a.40.2",AUDIO="AUDIO"
https://dai.google.com/linear/pods/v1/hls/event/o35L8Xl8TFa2naph5beXsw/ad_break_id/ab-001/profile/media-ts-4628000bps.m3u8?pd=30000&stream_id=381c29ff-9015-4f9f-8a43-e2e13822473a%3AATL

DASH

L'esempio seguente utilizza un token HMAC per autenticare una richiesta di file manifest del pod DASH:

curl --include "https://dai.google.com/linear/pods/v1/dash/network/21775744923/custom_asset/dash-pod-serving-manifest-auth-stream-pod/stream/310b1882-4a62-436a-99b1-ca56435b48f6:TUL/ad_break_id/ab-001/manifest.mpd?pd=30000&auth-token=ad_break_id%3Dab-001~custom_asset_key%3Ddash-pod-serving-manifest-auth-stream-pod~exp%3D1774464830~network_code%3D21775744923~pd%3D30000~hmac%3D51ce9544b2f04a27d5a818bd982c262f97b7bc64d9e8ea07d13ae73e04062614"

Se l'operazione va a buon fine, viene visualizzata la seguente risposta:

...
HTTP/2 200
<?xml version="1.0" encoding="UTF-8"?>
<MPD xmlns="urn:mpeg:dash:schema:mpd:2011" xmlns:_XMLSchema-instance="http://www.w3.org/2001/XMLSchema-instance" _XMLSchema-instance:schemaLocation="urn:mpeg:dash:schema:mpd:2011 DASH-MPD.xsd" id="201" profiles="urn:hbbtv:dash:profile:isoff-live:2012" type="static" mediaPresentationDuration="PT30S" minBufferTime="PT2S">
<Period id="1" duration="PT30S">
  <BaseURL>https://dai.google.com/linear/pods/v1/seg/event/310b1882-4a62-436a-99b1-ca56435b48f6:TUL/ad_break_id/ab-001/profile/</BaseURL>
  <SegmentTemplate startNumber="0" media="$RepresentationID$/$Number$.mp4?stream_id=310b1882-4a62-436a-99b1-ca56435b48f6:TUL&amp;sd=5000&amp;pd=30000" initialization="$RepresentationID$/init.mp4?stream_id=310b1882-4a62-436a-99b1-ca56435b48f6:TUL&amp;pd=30000">
    <SegmentTimeline>
      <S d="5" r="5"/>
    </SegmentTimeline>
  </SegmentTemplate>
  <AdaptationSet mimeType="video/mp4" scanType="progressive" contentType="video">
    <Role schemeIdUri="urn:mpeg:dash:role:2011" value="main"/>
    <Representation width="1280" height="720" frameRate="25" codecs="avc1.64001f" id="Video-1200k" bandwidth="1300000">
      <InbandEventStream schemeIdUri="https://developer.apple.com/streaming/emsg-id3"/>
    </Representation>
  </AdaptationSet>
  <AdaptationSet mimeType="audio/mp4" scanType="progressive" contentType="audio">
    <Role schemeIdUri="urn:mpeg:dash:role:2011" value="main"/>
    <Representation audioSamplingRate="48000" codecs="mp4a.40.2" id="fmp4-audio-128kbps" bandwidth="128000">
      <AudioChannelConfiguration schemeIdUri="urn:mpeg:dash:23003:3:audio_channel_configuration:2011" value="2"/>
    </Representation>
  </AdaptationSet>
</Period>
</MPD>

Per comprendere la struttura della risposta e i codici di stato, consulta Metodo: file manifest del pod DASH.

Se l'autenticazione non riesce, viene visualizzato x-ad-manager-dai-warning:

...
< HTTP/2 200
< access-control-allow-headers: Authorization
< x-ad-manager-dai-warning: Unable to create ad break due to Unauthorized error (skipping ad break creation)
<
<?xml version="1.0" encoding="UTF-8"?>
<MPD xmlns="urn:mpeg:dash:schema:mpd:2011" xmlns:_XMLSchema-instance="http://www.w3.org/2001/XMLSchema-instance" _XMLSchema-instance:schemaLocation="urn:mpeg:dash:schema:mpd:2011 DASH-MPD.xsd" id="201" profiles="urn:hbbtv:dash:profile:isoff-live:2012" type="static" mediaPresentationDuration="PT30S" minBufferTime="PT2S">
<Period id="1" duration="PT30S">
<BaseURL>https://dai.google.com/linear/pods/v1/seg/event/310b1882-4a62-436a-99b1-ca56435b48f6:TUL/ad_break_id/ab-001/profile/</BaseURL>
<SegmentTemplate startNumber="0" media="$RepresentationID$/$Number$.mp4?stream_id=310b1882-4a62-436a-99b1-ca56435b48f6:TUL&amp;sd=5000&amp;pd=30000" initialization="$RepresentationID$/init.mp4?stream_id=310b1882-4a62-436a-99b1-ca56435b48f6:TUL&amp;pd=30000">
<SegmentTimeline>
<S d="5" r="5"/>
</SegmentTimeline>
</SegmentTemplate>
<AdaptationSet mimeType="video/mp4" scanType="progressive" contentType="video">
<Role schemeIdUri="urn:mpeg:dash:role:2011" value="main"/>
<Representation width="1280" height="720" frameRate="25" codecs="avc1.64001f" id="Video-1200k" bandwidth="1300000">
<InbandEventStream schemeIdUri="https://developer.apple.com/streaming/emsg-id3"/>
</Representation>
</AdaptationSet>
<AdaptationSet mimeType="audio/mp4" scanType="progressive" contentType="audio">
<Role schemeIdUri="urn:mpeg:dash:role:2011" value="main"/>
<Representation audioSamplingRate="48000" codecs="mp4a.40.2" id="fmp4-audio-128kbps" bandwidth="128000">
<AudioChannelConfiguration schemeIdUri="urn:mpeg:dash:23003:3:audio_channel_configuration:2011" value="2"/>
</Representation>
</AdaptationSet>
</Period>
</MPD>