Widevine Integration

Deploying video players with widevine licence server.

Enable DRM

DRM encryption needs to be enabled via profile settings first. Please go to the video profiles section on the Gumlet dashboard and either edit the existing profile or create a new profile with the DRM option enabled as shown in the screenshot.


Enable DRM in the profile section of Gumlet

Once this is enabled, you can process a new video using this profile and that video will be DRM encrypted.


Heads Up!

By default, your account uses staging credentials for Widevine DRM. You can only process maximum of 5 videos with staging credentials.

Please fill https://forms.gle/eja8RbxAEfqTVyyFA to request production credentials for Widevine.

Playing DRM Content

Once a video is DRM encrypted, it can't be played only via playback URL. DRM playback also needs Licence Server URL along with the playback URL to play the content. The license server URL will inform the player of the place from where the license can be acquired.

For security reasons, the Licence Server URL needs an authentication token to be passed so it knows the request for the license is legitimate.

Obtain Licence Server URL and Secret Key

Please go to the DRM Credentials page on the Gumlet dashboard to get:

Once you get them, the following sample code can be used to generate auth token.

Create Auth Token

const crypto = require('crypto');

// Secret Key provided by Gumlet
let proxySecret = "<widevine proxy secret>";

// this is content id for asset. for gumlet processed videos, it's same as asset_id
let content_id = "<content_id>";

//License Proxy URL from gumlet dashboard....
let widevineProxy = "<widevine Proxy URL>"

// Licence Server URL provided by Gumlet
let proxyUrl = `${widevineProxy}/${content_id}`;

proxySecret = Buffer.from(proxySecret, 'base64');

// expiration time in seconds
let tokenlifetime = 30;

let queryparams = {
	expires: Math.round(Date.now() + tokenlifetime*1000)

let stringForTokenGeneration = `${proxyUrl.slice(35)}?` + (new URLSearchParams(queryparams)).toString();

let signature = crypto.createHmac('sha1', proxySecret).update(stringForTokenGeneration).digest('hex');

console.log(`Auth Token: ${signature}`);

console.log(`Signed Licence Server URL: ${proxyUrl}?${(new URLSearchParams(queryparams)).toString()}&token=${signature}`);

License Server URL with secure token should look like this: https://widevine.gumlet.com/licence/627b533efd2da43909008561/627b533efd2da43909008562?expires=1652258263811&token=9290ba08e7743655a450b9543bdca737ea973b61


Token Lifetime

You can't set token expiration time more than 10 minutes.

We however recommend it to set to 30 seconds and for each video playback, you should generate new token from backend and send it to frontend to start playback.

This mechanism ensures only authorized users are allowed to view content and sharing video links will result in playback failure.

Query parameter reference

ParameterDescriptionDefault valueRequired?
expiresNumber of milliseconds since epoch. This parameter defines time after which the signed URL will expire.-yes
tokenThe signing token generated as per above example-yes
hardware_secureSpecifies if SD stream and audio should be allowed only on devices with hardware decode. HD and UHD streams (720p and above) always require hardware decode (Widevine Level 1).falseno
rental_durationControls how long the user's device can persist the license. At the end of the specified duration, the license would be automatically revoked and the user won't be able to play the DRM-protected content. (specified in seconds)nullno
playback_durationIndicates the amount of time the license is valid after first (initial) use. (specified in seconds)nullno

Use Licence Server URL with Video Players

Without configuring the license proxy with your video players, players won't be able to play/decrypt encrypted videos. Following are the code snippets for configuring license proxies with various widely used video players.

Shaka Player

Add the following code snippet after initializing the shaka player.

let cert_response = await fetch('<CERTIFICATE URL GOES HERE>');
let widevine_cert = await cert_response.arrayBuffer();

    drm: {
        servers: {
            'com.widevine.alpha': "<LICENSE SERVER URL GOES HERE>"
        advanced: {
            'com.widevine.alpha': {
              	'serverCertificate': new Uint8Array(widevine_cert),
                'videoRobustness': 'SW_SECURE_CRYPTO',
                'audioRobustness': 'SW_SECURE_CRYPTO'