Skip to main content

Channel Access

For managing access to channels, Vindral has the following layers:

  • stream key - used for ingesting live streams and private Channel API endpoints
  • public key / channel id - used for viewing live streams and public Channel API endpoints
  • auth secret - used for signing auth token
  • jwt / auth token - used for authorizing

This information can be found in the Vindral Portal.


Think twice before sharing your stream key or auth secret token with anyone! With the stream key, they will be able to ingest content into your channel.

Ingress authorization

The standard ingress authorization is via the stream key. It is a GUID made up of organization, channel name, and a GUID. In most cases, this is enough level of authorization.

Example for RTMP ingress: rtmps://

Access authorization

The standard access authorization is done via the public key, also called channel id. It is a GUID made up of organization, channel name, and a GUID. No one will be able to guess the GUID. In most cases, this is enough protection as it is unlikely that anyone without access to the stream will be able to guess the GUID.

Example for an embedded player:

Advanced authorization

If a more detailed authorization is needed, JSON Web Tokens (JWT) enable specific access permissions. JWTs can be signed using your auth secret, giving access for either viewing a stream or ingesting a stream, for a limited time, together with the public key. Using JWT, it is possible to grant access to a set of channels (a Channel Group) or a specific channel.

Read more about advanced authorization.

Geographical access limitation

In the Portal, you may limit access to a channel by denying (or allowing) specific countries, a handy feature if you have content that needs to be restricted due to, e.g., legal reasons. By default, all channels are open to all countries.

See the Management API channel update section for information on programmatically setting geographical limitations.