ContentKeyAuthorizationPolicyOption

Media Services supports multiple ways of authenticating users who make key requests. The content key authorization policy must be configured by you and met by the client (player) in order for the key to be delivered to the client. The content key authorization policy could have one or more authorization restrictions: open, token restriction, or IP restriction. You use ContentKeyAuthorizationPolicyOption to specify the authorization options. You then add the created options to ContentKeyAuthorizationPolicy.

Note that the Key Delivery service caches ContentKeyAuthorizationPolicy and its related objects (policy options and restrictions) for 15 minutes. If you create a ContentKeyAuthorizationPolicy and specify to use a “Token” restriction, then test it, and then update the policy to “Open” restriction, it will take roughly 15 minutes before the policy switches to the “Open” version of the policy.

This topic describes ContentKeyAuthorizationPolicyOption and shows how to use this entity. For a more complete example, that shows how to associate ContentKeyAuthorizationPolicyOption with ContentKeyAuthorizationPolicy, see ContentKeyAuthorizationPolicy.

Important

When accessing entities in Media Services, you must set specific header fields and values in your HTTP requests.
For more information, see Setup for Media Services REST API Development and Connecting to Media Services with the Media Services REST API.

ContentKeyAuthorizationPolicyOption Entity Properties

Property Type Description
Id

Read-only. Set by Media Services.
Edm.String Unique identifier.
Name Edm.String Friendly name of the authorization policy.
KeyDeliveryType

Required.
Edm. Int32 Delivery method of the content key to the client.

KeyDeliveryType could be one of the following: None = 0, PlayReadyLicense = 1, BaselineHttp = 2).
KeyDeliveryConfiguration Edm.String Xml data, specific to the key delivery type that defines how the key is delivered to the client.
Restrictions

Required.
A collection of ContentKeyAuthorizationPolicyRestriction ComplexType Propertiess. Requirements defined in each restriction must be met in order to deliver the key using the key delivery data.

ContentKeyAuthorizationPolicyRestriction ComplexType Properties

Property Type Description
Name Edm.String Friendly name of the restriction.
KeyRestrictionType

Required.
Edm. Int32 Type of the restriction.

KeyRestrictionType could be one of the following: Open = 0, TokenRestricted = 1, IPRestricted = 2.
Requirements Edm. String Restriction requirements.

Create ContentKeyAuthorizationPolicyOption

The following example creates a ContentKeyAuthorizationPolicyOption with the following values set: an Open authorization restriction ("KeyRestrictionType":0) and BaselineHttp (MPEG baseline HTTP key protocol) key delivery method ("KeyDeliveryType":2). You can try out the example in the Fiddler’s Composer tab.

To get the latest x-ms-version:, see Media Services REST.

Request headers:

POST https://testrest.cloudapp.net/api/ContentKeyAuthorizationPolicyOptions HTTP/1.1  
  
Content-Type: application/json  
DataServiceVersion: 3.0;NetFx  
MaxDataServiceVersion: 3.0;NetFx  
Accept: application/json  
Accept-Charset: UTF-8  
User-Agent: Microsoft ADO.NET Data Services  
Authorization: Bearer <token value>  
x-ms-version: 2.11  

Request body:

  
{    
   "Name":"policy",  
   "KeyDeliveryType":2,  
   "KeyDeliveryConfiguration":"",  
   "Restrictions":[    
      {    
         "Name":"HLS Open Authorization Policy",  
         "KeyRestrictionType":0,  
         "Requirements":null  
      }  
   ]  
}  

If successful, a HTTP/1.1 201 Created status code is returned along with a representation of the created entity in the response body.

The following example creates a ContentKeyAuthorizationPolicyOption with the following values set: a Token authorization restriction ("KeyRestrictionType":1) and BaselineHttp (MPEG baseline HTTP key protocol) key delivery method ("KeyDeliveryType":2).

To get the latest x-ms-version:, see Media Services REST.

Request headers:

POST https:/testrest.cloudapp.net/api/ContentKeyAuthorizationPolicyOptions HTTP/1.1  
  
Content-Type: application/json  
DataServiceVersion: 3.0;NetFx  
MaxDataServiceVersion: 3.0;NetFx  
Accept: application/json  
Accept-Charset: UTF-8  
User-Agent: Microsoft ADO.NET Data Services  
Authorization: Bearer <token value>  
x-ms-version: 2.11  
  

Request body:

{    
   "Name":"Token option for HLS",  
   "KeyDeliveryType":2,  
   "KeyDeliveryConfiguration":null,  
   "Restrictions":[    
      {    
         "Name":"Token Authorization Policy",  
         "KeyRestrictionType":1,  
         "Requirements":"<TokenRestrictionTemplate xmlns:i=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"http://schemas.microsoft.com/Azure/MediaServices/KeyDelivery/TokenRestrictionTemplate/v1\"><AlternateVerificationKeys><TokenVerificationKey i:type=\"SymmetricVerificationKey\"><KeyValue>dliLr1QQJrATxNuoss2Btvk1KxcDJDHvTgu7fII5LEMGAt1p6J1YAD7I0EVd6D69nEkNUlkSDXfgaJ3cswrf8g==</KeyValue></TokenVerificationKey></AlternateVerificationKeys><Audience>urn:test</Audience><Issuer>http://testacs.com/</Issuer><PrimaryVerificationKey i:type=\"SymmetricVerificationKey\"><KeyValue>tqdCrSPGDZYJ4l3YyWR1NH7OdTvucBm7bU/ZQKPszV/hR54saMgyJK9bA9bay996NtNpcA0OruHETvy885g46A==</KeyValue></PrimaryVerificationKey><RequiredClaims><TokenClaim><ClaimType>urn:microsoft:azure:mediaservices:contentkeyidentifier</ClaimType><ClaimValue i:nil=\"true\" /></TokenClaim></RequiredClaims><TokenType>JWT</TokenType></TokenRestrictionTemplate>"  
      }  
   ]  
}