How-to Guides
Once you’ve read the introductionary article and created your DRM configuration under My Mosaic, you are ready to try out Axinom DRM and Axinom Encoding yourself. Let’s start with the same tasks as discussed in What is DRM?.
Quick Start
In the steps below you will need various pieces of your DRM configuration, such as a Communication Key and Communication Key ID. Make sure you acquired DRM credentials under My Mosaic before you start.
Play a DRM-protected Video
Let’s start "at the end" and check how to play a DRM-protected video (after all, this is what we want to accomplish). Axinom DRM Video Playback Tool makes it very easy and understandable.
If you don’t have any DRM-protected video yet, it is not a problem. In the tool just pick one of the test vectors published by Axinom.
Later you can enter a URL for your own video.
The tool will create an entitlement message and a license service message on its own. You only need to provide your Communication Key ID and Communication Key to produce a signed JWT.
Enter the URL of a license service (keep the defaults or take them from your DRM configuration).
Pick one of the suggested players and you are ready to play the video. For every player, the tool will call a demo-page where the respective player is integrated and will pass the following:
-
URL of a protected video
-
License Service URL
-
JWT containing an entitlement message.
If you would like to use a different video player, check the section Video Players below.
Create an Entitlement Message
An Entitlement Message is a JSON data structure that instructs Axinom DRM License Service to issue a DRM license and how to configure the license.
To understand how an Entitlement Message can be used to control behavior of the License Service, read the License Service article. Entitlement Message is a full reference to the data structure.
We recommend to start with the Entitlement Message Tool. It shows all the various sections of the message, provides samples and auxillary tools.
If you want an even faster start, here is a minimalistic version of an entitlement message that still works:
{
"content_keys_source": {
"inline": [
{
"id": "11111111-0000-0000-0000-000000000000"
}
]
}
}
It tells the License Service to grant a license to one specific keyId (replace the id
with the keyId used in your video).
Create and Sign a License Service Message
Before you can send an Entitlement Message to the License Service, you have to wrap it into a so called License Service Message and make a signed JWT token out of it.
License Service Message is a JSON data structure used as an envelop. Here is a minimalistic version (additionally, you can specify a time period of validity of the enclosed Entitlement Message):
{
"version": 1,
"com_key_id": communicationKeyId,
"message": entitlementMessage
}
To create a JWT, use the License Service Message above as a payload and sign it with HMAC-SHA256 algorithm using your Communication Key as a signing key. Then apply base64 encode.
Signing a License Service Message article shows how to create and sign the JWT in many programming languages, including JavaScript, C#, PHP, Python, Rust.
Quick Start: Video Protection
Now we have to learn to produce DRM protected videos. DRM-protection is usually just one step in the Video Encoding pipeline, and it is performed by Video Encoder software.
Axinom DRM can work with any encoder that follows standards used by Widevine, PlayReady, and FairPlay. In this section we will use Axinom Encoding as an example of an encoder. Later sections explain how to configure 3rd party encoders to use Axinom DRM. First, we will use Axinom Encoding to encode a video without protection. Then we will see how to acquire encryption keys from Axinom DRM Key Service. Finally, we will use Axinom Encoding together with Axinom DRM Key Service.
Encode a Video using Axinom Encoding
Axinom Encoding expects an input video in an Input Storage and stores an encoded output in an Output Storage.
Input and Output Storage
Different implementations for storage are possible: Azure Blob Storage, Amazon S3, FTPS. For the example below we will use a Storage Account in Microsoft Azure Cloud.
There are two options to create a storage account:
In any case we will assume the following:
-
For the Input Storage there will be a Blob Container
video-input
-
For the Output Storage there will be a Blob Container
video-output
-
Output container will be accessible from outside via HTTPS
-
Every input videos will be uploaded to its own folder directly under Input Storage root.
To configure your storage account, you need from Azure the storage account Name and storage account Key. For the input storage you also have to generate a SAS token with only a LIST permission for the video-input container. Mosaic Hosting Service provides all these values.
To make sure your storage account credentials (namely, storage account key) are safe, apply Credentials Protection. Using Credentials Protection Tool you can encrypt your secrets with a certificate of the Encoding Service. Then only Encoding Service will be able to read these credentials.
To access your storage account we recommend the tool Azure Storage Explorer.
Get a Content Key from Axinom Key Service
While you are encoding your content, you can request the content keys from the Axinom key service and then the key synchronization will happen accordingly. So when the player CDM requests for the license token from the DRM license, the license service will return the correct key to the player CDM.
Third-party Integration
Video Players
Axinom DRM integrates well with all major players, both in browsers and on mobile devices. All you need to do is to configure the player to use Axinom DRM’s License Service Url for the respective DRM technology, give it a JWT containing an Entitlement Message (see above) and make it append the token as a custom HTTP-Header or a query string parameter.
We’ve gathered a lot of player-specific instructions under Video Players.