驗證廣告連播片段要求

如果是伺服器端廣告縫合,資訊清單操控器會向 Google DAI 發出廣告連播片段要求。詳情請參閱「建立廣告區隔網址」。

本頁說明如何使用 HMAC 權杖驗證廣告連播片段要求。

事前準備

請先完成下列事項,再繼續操作:

產生 HMAC 權杖

如要產生權杖,請按照下列步驟操作:

  1. 收集為 Pod 區隔要求填入的路徑和查詢參數 (auth-token 除外)。如需完整清單,請參閱「方法:Pod 片段」。

  2. 將參數整理成單一字串。參數必須依字母順序排序,並以半形波浪號 ~ 分隔,例如:

    custom_asset_key=CUSTOM_ASSET_KEY~exp=EXPIRATION~network_code=NETWORK_CODE~pd=POD_DURATION~pod_id=POD_IDENTIFIER

  3. 使用 DAI 驗證金鑰計算權杖字串的 SHA-256 雜湊。

  4. 以十六進位格式輸出雜湊。

  5. 如要簽署權杖字串,請在先前收集的參數結尾附加簽章:

    custom_asset_key=...~hmac=HMAC_SIGNATURE

    使用 DAI 驗證金鑰雜湊處理權杖字串,然後以產生的簽章取代 HMAC_SIGNATURE

  6. 如要安全地傳遞已簽署的權杖字串,請對已簽署的權杖字串進行網址編碼。

    以下範例會產生已簽署權杖字串的網址編碼值:

HTTP 即時串流

# Add 60 seconds to the current time
future_epoch=$((EPOCHSECONDS + 60))

echo "Current: $EPOCHSECONDS"
echo "Future: $future_epoch"
# Current: 1774465950
# Future: 1774466010

# Sample DAI pod resource authentication key
key="EB08..."

# Sort parameters in the token string
token="ad_break_id=ab1~custom_asset_key=hls-pod-serving-redirect-auth-stream-pod~exp=1774466010~network_code=21775744923~pd=30000"

# Generate the token's signature.
echo -n $token | openssl dgst -sha256 -mac HMAC -macopt key:$key

# SHA2-256(stdin)= ff38abab31b436351e20ecd57bcc5b97acd9461abb71c4cf9c9731add965ecf2

# Sign the token: ad_break_id=ab1~custom_asset_key=hls-pod-serving-redirect-auth-stream-pod~exp=1774466010~network_code=21775744923~pd=30000~hmac=ff38abab31b436351e20ecd57bcc5b97acd9461abb71c4cf9c9731add965ecf2

# Encode the token: ad_break_id%3Dab1~custom_asset_key%3Dhls-pod-serving-redirect-auth-stream-pod~exp%3D1774466010~network_code%3D21775744923~pd%3D30000~hmac%3Dff38abab31b436351e20ecd57bcc5b97acd9461abb71c4cf9c9731add965ecf2

DASH 

# Add 60 seconds to the current time
future_epoch=$((EPOCHSECONDS + 60))

echo "Current: $EPOCHSECONDS"
echo "Future: $future_epoch"
# Current: 1769540517
# Future: 1769540577

# Sample DAI pod resource authentication key
key="EB08..."

# Sort parameters in the token string
token="ad_break_id=ab1~custom_asset_key=dash-pod-serving-redirect-auth-stream-pod~exp=1774466641~network_code=21775744923~pd=30000"

# Generate the token's signature.
echo -n $token | openssl dgst -sha256 -mac HMAC -macopt key:$key

# SHA2-256(stdin)= 7249f9193778f2318314519ff2cea5c47958bc7fdd2eaf24008352867af0a050

# Sign the token: ad_break_id=ab1~custom_asset_key=dash-pod-serving-redirect-auth-stream-pod~exp=1774466641~network_code=21775744923~pd=30000~hmac=7249f9193778f2318314519ff2cea5c47958bc7fdd2eaf24008352867af0a050

# Encode the token: ad_break_id%3Dab1~custom_asset_key%3Ddash-pod-serving-redirect-auth-stream-pod~exp%3D1774466641~network_code%3D21775744923~pd%3D30000~hmac%3D7249f9193778f2318314519ff2cea5c47958bc7fdd2eaf24008352867af0a050

驗證 HLS 廣告連播區隔要求

如要驗證 Pod 資源要求,請使用 auth-token 查詢字串參數傳遞網址編碼的已簽署 HMAC 權杖。

HTTP 即時串流

以下範例使用 HMAC 權杖驗證 HLS Pod 片段要求:

curl --include "https://dai.google.com/linear/pods/v1/seg/network/21775744923/custom_asset/hls-pod-serving-redirect-auth-stream-pod/ad_break_id/ab1/profile/media-ts-4628000bps/0.ts?stream_id=51b85d28-7ed5-48da-bfd8-e013b7d7b204:DLS&&sd=10000&pd=30000&auth-token=ad_break_id%3Dab1~custom_asset_key%3Dhls-pod-serving-redirect-auth-stream-pod~exp%3D1774466010~network_code%3D21775744923~pd%3D30000~hmac%3Dff38abab31b436351e20ecd57bcc5b97acd9461abb71c4cf9c9731add965ecf2"

如果成功,您會看到下列回應:

...
< HTTP/2 302
< access-control-allow-headers: Authorization
< access-control-allow-origin: *
< access-control-expose-headers: Location
< cache-control: no-cache, no-store, max-age=0, must-revalidate
< date: Wed, 25 Mar 2026 18:13:40 GMT
< expires: Mon, 01 Jan 1990 00:00:00 GMT
< location: https://redirector.googlevideo.com/....
< pragma: no-cache
< x-content-type-options: nosniff
< x-frame-options: SAMEORIGIN
...

如要瞭解回應結構和狀態碼,請參閱「方法:pod segment」。

如果驗證失敗,你會看到 x-ad-manager-dai-warning

...
< HTTP/2 302
< access-control-allow-headers: Authorization
< access-control-allow-origin: *
< access-control-expose-headers: Location
< cache-control: no-cache, no-store, max-age=0, must-revalidate
< date: Wed, 25 Mar 2026 18:17:21 GMT
< expires: Mon, 01 Jan 1990 00:00:00 GMT
< location: https://redirector.googlevideo.com/....
< pragma: no-cache
< x-ad-manager-dai-warning: Unable to create ad break due to Unauthorized error (skipping ad break creation)
< x-content-type-options: nosniff
...

DASH

以下範例使用 HMAC 權杖驗證 DASH Pod 片段要求:

curl --include "https://dai.google.com/linear/pods/v1/seg/network/21775744923/custom_asset/dash-pod-serving-redirect-auth-stream-pod/ad_break_id/ab1/profile/media-ts-4628000bps/0.ts?stream_id=8b061ab5-1efc-4e4d-882f-ae3c071df854:ATL&&sd=10000&pd=30000&auth-token=ad_break_id%3Dab1~custom_asset_key%3Ddash-pod-serving-redirect-auth-stream-pod~exp%3D1774466641~network_code%3D21775744923~pd%3D30000~hmac%3D7249f9193778f2318314519ff2cea5c47958bc7fdd2eaf24008352867af0a050"

如果成功,您會看到下列回應:

...
HTTP/2 302
..
location: https://redirector.googlevideo.com/....
...

如要瞭解回應結構和狀態碼,請參閱「方法:pod segment」。

如果驗證失敗,您會看到 x-ad-manager-dai-warning,如下所示:

...
HTTP/2 302
..
location: https://redirector.googlevideo.com/....
pragma: no-cache
x-ad-manager-dai-warning: Unable to create ad break due to Unauthorized error (skipping ad break creation)
x-content-type-options: nosniff
...