Guides
Start typing to search…

License Server Setup

How to work with Gumlet DRM license servers.

Gumlet provides license servers for both Widevine and FairPlay. Please visit the DRM Credentials page to get information about the servers and URL signing secret which will be required in this guide.

Please note that this setup is only required to play DRM-encrypted videos. Regular video playback does not need a license server setup.

🚧

If you are using Gumlet iFrame or Gumlet embed / webview SDK, you don't need any of these.

This guide is for developers who are integrating Gumlet with their own Javascript or native video players.

License Server URLs

You need a couple of license servers and certificate URLs to get started. You will get them on DRM Credentials page.

Widevine License Server URL Prefix: https://widevine.gumlet.com/licence/<ORG_ID>

Fairplay License Server URL Prefix: https://fairplay.gumlet.com/licence/<ORG_ID>

Fairplay Certificate URL: https://fairplay.gumlet.com/certificate/<ORG_ID>

These are prefixes. An actual license server URL looks like this:

Widevine: https://widevine.gumlet.com/licence/<ORG_ID>/<ASSET_ID>?token=<sign_token>&expires=<token_expiry>

Fairplay: https://fairplay.gumlet.com/licence/<ORG_ID>/<ASSET_ID>?token=<sign_token>&expires=<token_expiry>

Generate Token and Expiry

As you can see above, you need sign_token and token_expiry for this to work. We will show here how to generate it in JavaScript / PHP. You can do the same in other languages.

❗️

Always generate the token on your server. Never reveal the signSecret to your clients.

const crypto = require('crypto');

// Get secret from https://dash.gumlet.com/developer/drm-credentials
let signSecret = '<proxy secret>';

// Replace orgId and assetId with actual values
const orgId = 'myorg';
const assetId = 'myasset';
let stringToSign = `/${orgId}/${assetId}`;

const signSecretB64 = Buffer.from(signSecret, 'base64');

// expiration time in seconds
let tokenlifetime = 300;

const expires = Math.round(Date.now() + tokenlifetime*1000)

const queryparams = {
  expires
	// if you are using more parameters, add here. Reference is in the table after this code block.
};

const stringForTokenGeneration = `${stringToSign}?` + (new URLSearchParams(queryparams)).toString();

const token = crypto.createHmac('sha1', signSecretB64).update(stringForTokenGeneration).digest('hex');

// you can now use token and expires variables to append to license server URLs.
console.log('Expires:', expires);
console.log('Token:', token);

// Widevine
console.log(`https://widevine.gumlet.com/licence/${orgId}/${assetId}?token=${token}&expires=${expires}`)

// FairPlay
console.log(`https://fairplay.gumlet.com/licence/${orgId}/${assetId}?token=${token}&expires=${expires}`)
// Fairplay Certificate URL
console.log(`https://fairplay.gumlet.com/certificate/${orgId}/`)
<?php

// Replace orgId and assetId with correct values
$orgId = '<myorgid>';
$assetId = '<myassetid>';

$stringToSign = '/' . $orgId . '/' . $assetId;

// Get secret from https://dash.gumlet.com/developer/drm-credentials
$signSecret = '<sign secret>';

// Decode the base64 secret
$signSecret = base64_decode($signSecret, true);

// expiration time in seconds
$tokenLifetime = 300;

$nowMs = (int) round(microtime(true) * 1000);
$expires = (int) round($nowMs + $tokenLifetime * 1000);

$queryparams = [
    'expires' => $expires,
];

$pathAndQuery = $stringToSign. '?' . http_build_query($queryparams);

$token = hash_hmac('sha1', $pathAndQuery, $signSecret, false);

// Now you can use $token and $expires and append to license server URLs

// Widevine
echo 'https://widevine.gumlet.com/licence/' . $orgId . '/' . $assetId . '?expires=' . $expires . '&token=' . $token;

// FairPlay
echo 'https://fairplay.gumlet.com/licence/' . $orgId . '/' . $assetId . '?expires=' . $expires . '&token=' . $token;
// FairPlay Certificate URL
echo 'https://fairplay.gumlet.com/certificate/' . $orgId . '/';

Query parameter reference

Both license servers accept the following parameters. If you use them, you need to add them in the queryparams code above.

ParameterDescriptionDefault valueRequired?
expiresNumber of milliseconds since epoch. This parameter defines time after which the signed URL will expire.-yes
tokenThe signing token generated as per the above example-yes
hardware_secureSpecifies if SD stream and audio should be allowed only on devices with hardware decode. HD and UHD streams (720p and above) always require hardware decode (Widevine Level 1).falseno
rental_durationControls how long the user's device can persist the license. At the end of the specified duration, the license would be automatically revoked, and the user wouldn't be able to play the DRM-protected content. (specified in seconds)nullno
playback_durationIndicates the amount of time the license is valid after the first (initial) use. (specified in seconds)nullno

Updated about 14 hours ago