The Time-based One-time Password algorithm (TOTP) is the recently implemented stream security mechanism in Ant Media Server. It provides tokens that are valid only for a limited time period. Publishers and players must use these tokens within that period to be able to publish or play.
What is a Time-based One-Time Password (TOTP)?
The Time-based One-time Password algorithm (TOTP) is an extension of the HMAC-based One-time Password algorithm (HOTP) that generates a one-time password (OTP) by taking its uniqueness from the current time instead of a counter. You can find more on TOTP here.
How to use TOTP in Ant Media Server
We define a publisher or player as a subscriber. If the time-based token is enabled, a subscriber must be created for the stream to be able to publish or play. Each subscriber has an ID and a code. When a subscriber requests to publish or play a stream, he should provide his ID and the time-based token generated for his code. Otherwise, the server doesn't accept the publish or play request.
Enabling TOTP and Related Settings
You can enable Time-based One-Time Password (TOTP) using the Management Panel or in the configuration file with settings.timeTokenSubscriberOnly=true
You can also set the TOTP period in seconds in the configuration file with settings.timeTokenPeriod=60
Subscriber REST Operations
You should create subscribers and assign a base32 secret to each one. The length of a secret should be a multiple of 8 characters. You can create, delete, and list subscribers using the REST API, as in the following curl samples:
Create Subscriber
curl -X POST -H "Accept: Application/json" -H "Content-Type: application/json" http://localhost:5080/WebRTCAppEE/rest/v2/broadcasts/stream1/subscribers -d '{"subscriberId":"publisherA", "b32Secret":"mysecret", "type":"publish"}'
or
curl -X POST -H "Accept: Application/json" -H "Content-Type: application/json" http://localhost:5080/WebRTCAppEE/rest/v2/broadcasts/stream1/subscribers -d '{"subscriberId":"playerB", "b32Secret":"mysecret", "type":"play"}'
Delete subscriber
curl -X DELETE -H "Accept: Application/json" -H "Content-Type: application/json" http://localhost:5080/WebRTCAppEE/rest/v2/broadcasts/stream1/subscribers/publisherA
Delete all subscribers
curl -X DELETE -H "Accept: Application/json" -H "Content-Type: application/json" http://localhost:5080/WebRTCAppEE/rest/v2/broadcasts/stream1/subscribers
List All Subscribers
curl -i -H "Accept: Application/json" -X GET "http://localhost:5080/WebRTCAppEE/rest/v2/broadcasts/stream1/subscribers/list/0/5"
Publish/Play Stream
A subscriber (publisher or player) should pass the subscriber ID and the generated TOTP to publish or play.
Publish URL
http://localhost:5080/WebRTCAppEE/?subscriberId=publisherA&subscriberCode=440456
Player URL
http://localhost:5080/WebRTCAppEE/?subscriberId=playerB&subscriberCode=438610
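As an added example (not Ant Media's own code), the following Python code derives the subscriberCode for the URLs above from a subscriber's base32 secret and reports how long the code stays valid. It assumes the server follows the RFC 6238 defaults (HMAC-SHA1, 6 digits) with the 60-second period configured earlier; the secret and the function names are constructed for illustration.

```python
import base64
import hashlib
import hmac
import struct
import time
from urllib.parse import urlencode

PERIOD = 60  # seconds, matches settings.timeTokenPeriod=60 on this page
DIGITS = 6   # assumption: the sample codes on this page have 6 digits


def decode_secret(b32_secret: str) -> bytes:
    """Decode a base32 secret, enforcing the multiple-of-8 length rule."""
    if not b32_secret or len(b32_secret) % 8 != 0:
        raise ValueError("b32Secret length must be a non-zero multiple of 8")
    return base64.b32decode(b32_secret, casefold=True)


def totp(b32_secret: str, now: float, period: int = PERIOD, digits: int = DIGITS) -> str:
    """RFC 6238 TOTP using HMAC-SHA1 (assumed to be the server's algorithm)."""
    counter = int(now) // period  # index of the current time window
    mac = hmac.new(decode_secret(b32_secret), struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation from RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def seconds_left(now: float, period: int = PERIOD) -> int:
    """Seconds until the current window ends and the code changes."""
    return period - int(now) % period


def stream_url(base: str, subscriber_id: str, b32_secret: str, now: float) -> str:
    """Build a publish/play URL in the form shown on this page."""
    query = urlencode({"subscriberId": subscriber_id,
                       "subscriberCode": totp(b32_secret, now)})
    return f"{base}?{query}"


if __name__ == "__main__":
    secret = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"  # constructed sample secret
    now = time.time()
    print(stream_url("http://localhost:5080/WebRTCAppEE/", "publisherA", secret, now))
    print(f"code changes in {seconds_left(now)} s")
```

If the code is rejected, check that the client clock is synchronized with the server, since both sides derive the time window from their own clocks.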
Subscriber Statistics
You can get the stats for each subscriber with the following REST method.
curl -i -H "Accept: Application/json" -X GET "http://localhost:5080/WebRTCAppEE/rest/v2/broadcasts/stream1/subscriber-stats/list/0/5"
The response contains the following stats for the subscribers:
- Connection/Disconnection events with timestamp
- Average Video Bitrate
- Average Audio Bitrate
When to use TOTP?
If you want to let only authenticated users publish to or play from your Ant Media Server, you may consider using TOTP. You can provide tokens to users for a restricted period. If you need per-user statistics, you can also use TOTP tokens.
In this post, we introduced the Time-based One-Time Password (TOTP) and its usage in Ant Media Server for stream security. You can find out about the other mechanisms for stream security in this post.