Generate a signed HMAC token

  • Segment requests using segment redirect pod serving require an HMAC-signed token for authentication unless using early ad break notifications.

  • The authentication token can be calculated once per ad break and used across all stream sessions.

  • To create the token, gather parameters such as custom_asset_key, exp, network_code, pod_id, and pd (required except for durationless ad breaks), along with optional parameters like cust_params and scte35.

  • The token string is formatted with name=value pairs separated by a tilde (~), listed alphabetically.

  • An HMAC signature is generated using a SHA-256 hash of the token string and an HMAC authentication key, then appended to the token string and finally URL-encoded.

Each segment or manifest request made using pod serving must include an HMAC-signed token for authentication, as a fallback for early ad break notifications.

This token can be calculated once per ad break and shared across all stream sessions.

Gather token parameters

Gather the following information from the current ad break, to populate the token body.

Token parameters

| Parameter | Requirement | Description |
| --- | --- | --- |
| ad_break_id | Required if pod_id parameter is not provided. | The string identifier for the ad break. |
| custom_asset_key | Required if event parameter is not provided. | The custom livestream asset key, from Google Ad Manager. |
| cust_params | Optional | The custom targeting parameters for the ad break. |
| event | Required if custom_asset_key parameter is not provided. | The livestream asset key, generated by Google Ad Manager. |
| exp | Required | Expiration timestamp for this token in seconds. |
| network_code | Required if custom_asset_key parameter is provided. | The Ad Manager 360 network code for this network. |
| pod_id | Required if ad_break_id parameter is not provided. | The numerical identifier for the ad break. |
| pd | Required, except for events with duration-less ad breaks enabled. | The duration in milliseconds of the ad break. |
| scte35 | Optional | The Base64-encoded SCTE-35 signal for the ad break. |

Create token string

List each parameter in alphabetical order, in the format name=value, with each name-value pair separated by a tilde (~) character.

Optional parameters without a value can be left in-place with an empty string for the value, or removed entirely.

Token string format

custom_asset_key={custom_asset_key}~exp={expiration}~network_code={network_code}~pd={pod_duration}~pod_id={ad_pod_index}~scte35={scte35_message}

Generate HMAC signature

The HMAC signature is an HMAC-SHA256 digest of the token string, in hexadecimal format. The secret key is the HMAC authentication key associated with your livestream event in Google Ad Manager.

Sign token string

Once generated, append the HMAC signature to the token string in the following format:

~hmac={HMAC signature}

URL-encode token string

This token is passed as a URL parameter, so it must be URL-encoded for safety.

Example 1

Here's an example where unused optional parameters are included as empty strings.

Token string

cust_params=~custom_asset_key=iYdOkYZdQ1KFULXSN0Gi7g~exp=1489680000~network_code=6062~pd=180000~pod_id=5~scte35=

Secret key

A7490591290583E4B93189DEE7E287C299FC686872ABC7ADC9F9F536443505F

HMAC signature

ea1081cc1ab83cacd1e64073fc19e64616b2571249232917dc9f539cafb4b94e

Signed token

cust_params=~custom_asset_key=iYdOkYZdQ1KFULXSN0Gi7g~exp=1489680000~network_code=6062~pd=180000~pod_id=5~scte35=~hmac=ea1081cc1ab83cacd1e64073fc19e64616b2571249232917dc9f539cafb4b94e

URL-encoded signed token

cust_params%3D~custom_asset_key%3DiYdOkYZdQ1KFULXSN0Gi7g~exp%3D1489680000~network_code%3D6062~pd%3D180000~pod_id%3D5~scte35%3D~hmac%3Dea1081cc1ab83cacd1e64073fc19e64616b2571249232917dc9f539cafb4b94e

Example 2

Here's an example where the unpopulated optional variables are omitted entirely.

Token string

custom_asset_key=iYdOkYZdQ1KFULXSN0Gi7g~exp=1489680000~network_code=6062~pd=180000~pod_id=5

Secret key

A7490591290583E4B93189DEE7E287C299FC686872ABC7ADC9F9F536443505F

HMAC signature

6a8c44c72e4718ff63ad2284edf2a8b9e319600b430349d31195c99b505858c9

Signed token

custom_asset_key=iYdOkYZdQ1KFULXSN0Gi7g~exp=1489680000~network_code=6062~pd=180000~pod_id=5~hmac=6a8c44c72e4718ff63ad2284edf2a8b9e319600b430349d31195c99b505858c9

URL-encoded signed token

custom_asset_key%3DiYdOkYZdQ1KFULXSN0Gi7g~exp%3D1489680000~network_code%3D6062~pd%3D180000~pod_id%3D5~hmac%3D6a8c44c72e4718ff63ad2284edf2a8b9e319600b430349d31195c99b505858c9

Example 3

Here's an example with ad_break_id.

Token string

ad_break_id=adbreak1~custom_asset_key=iYdOkYZdQ1KFULXSN0Gi7g~exp=1489680000~network_code=6062~pd=180000

Secret key

A7490591290583E4B93189DEE7E287C299FC686872ABC7ADC9F9F536443505F

HMAC signature

327b23b80d032b0fa4c41b64a5e44fa7733af5bdbf173b7d89135aef05ae6d29

Signed token

ad_break_id=adbreak1~custom_asset_key=iYdOkYZdQ1KFULXSN0Gi7g~exp=1489680000~network_code=6062~pd=180000~hmac=327b23b80d032b0fa4c41b64a5e44fa7733af5bdbf173b7d89135aef05ae6d29

URL-encoded signed token

ad_break_id%3Dadbreak1~custom_asset_key%3DiYdOkYZdQ1KFULXSN0Gi7g~exp%3D1489680000~network_code%3D6062~pd%3D180000~hmac%3D327b23b80d032b0fa4c41b64a5e44fa7733af5bdbf173b7d89135aef05ae6d29
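
The steps above as an added Python example (not code from the original page): it checks the required parameters, builds the alphabetically ordered token string, signs it with HMAC-SHA256, appends ~hmac= and URL-encodes the result. The function names, the constructed key and the rejection of a tilde inside a value are assumptions of this example. The page does not say how the key string is converted to bytes, so the key is taken as raw bytes from the caller and the digests differ from the ones listed above.

```python
import hashlib
import hmac
from urllib.parse import quote

# Values from the page's Example 1; the key below is constructed for this demo.
EXAMPLE_PARAMS = {
    "custom_asset_key": "iYdOkYZdQ1KFULXSN0Gi7g", "exp": 1489680000,
    "network_code": 6062, "pd": 180000, "pod_id": 5,
    "cust_params": "", "scte35": "",
}
DEMO_KEY = b"constructed-demo-key"  # assumption: key passed as raw bytes

def build_token_string(params, keep_empty=True):
    """Alphabetical name=value pairs joined by '~'."""
    def has(name):
        return params.get(name) not in (None, "")
    if not has("exp"):
        raise ValueError("exp is required")
    if not (has("pod_id") or has("ad_break_id")):
        raise ValueError("pod_id or ad_break_id is required")
    if not (has("custom_asset_key") or has("event")):
        raise ValueError("custom_asset_key or event is required")
    if has("custom_asset_key") and not has("network_code"):
        raise ValueError("network_code is required with custom_asset_key")
    pairs = []
    for name in sorted(params):
        value = "" if params[name] is None else str(params[name])
        if "~" in value:
            # This example's own precaution, not a rule from the page:
            # a tilde inside a value would blur the pair boundaries.
            raise ValueError(f"{name} must not contain '~'")
        if value or keep_empty:
            pairs.append(f"{name}={value}")
    return "~".join(pairs)

def sign_token(token_string, key):
    """Append ~hmac=<hex HMAC-SHA256 of the token string>."""
    digest = hmac.new(key, token_string.encode("utf-8"), hashlib.sha256).hexdigest()
    return f"{token_string}~hmac={digest}"

def url_encode(signed_token):
    """Percent-encode everything except unreserved characters ('~' stays)."""
    return quote(signed_token, safe="")

if __name__ == "__main__":
    for keep in (True, False):
        print(url_encode(sign_token(build_token_string(EXAMPLE_PARAMS, keep), DEMO_KEY)))
```

With keep_empty=True the token string matches Example 1, and with keep_empty=False it matches Example 2.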