Token Creation

This token is created using an HMAC MD5 hash of your API secret, the IP address of the client requesting the token, and a timestamp:

1) Concatenating the API secret with the timestamp as follows:

secret:ip_address_string:timestamp

Where:

• The timestamp value is the number of milliseconds since the Unix epoch, i.e. number of milliseconds since midnight January 1st 1970, UTC.

• The ip_address_string is the human-readable string representation of an IPv4 address.

• The separator between the secret and the timestamp is the character “:” (UTF char code 3A).

2) Generating an HMAC MD5 value from the string created in step 1), and converting this value to a string in hexadecimal format.

Example Java code to generate an IMG Arena API Token would be as follows:

import java.io.UnsupportedEncodingException; 
import java.security.InvalidKeyException; 
import java.security.NoSuchAlgorithmException; 
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec; 
import org.apache.commons.codec.binary.Hex;

public class TokenGenerator {
       private static final String SAMPLE_TOKEN = "testtoken"; 
       private static final String UTF_8 = "UTF-8";
       private static final String HMAC_MD5 = "HmacMD5";
       
       public static String getToken(String secret, String ip, long timestamp) 
                            throws NoSuchAlgorithmException, InvalidKeyException,
                            UnsupportedEncodingException {
    
              String keyString = secret + ":" + ip + ":" + timestamp;
              SecretKey key = new SecretKeySpec(secret.getBytes(UTF_8), HMAC_MD5); 
              Mac mac = Mac.getInstance(HMAC_MD5);
              mac.init(key);
              return Hex.encodeHexString(mac.doFinal(keyString.getBytes(UTF_8)));
        }
              
        public static void main(String[] args) throws Exception { 
            long time = System.currentTimeMillis();
            String a = getToken(SAMPLE_TOKEN, "1.2.3.4", time); 
            System.out.println(a + ":" + time);
        } 
}

Running the code in the main method with a sample secret of “testtoken”, the IP address “1.2.3.4” and the timestamp “1385554442935” provides the following token:

51cc11786ddac11c7af450ec5b42aee4

Token validity

Every API token is valid for a period of 30 seconds after being generated. An Invalid token will cause the API to return an HTTP 401 (Unauthorized) response.

Stream URL validity

All stream URLs are secured and authenticated, and require the client to initiate the stream within 30 seconds of the URL being issued. The stream URLs are valid for the full duration of the live streaming session after the initial request.