How-to guides provide step-by-step instructions for standard DRM workflows, also on how to integrate 3rd party services with Axinom DRM

How-to Guides

Once you’ve read the introductionary article and created your DRM configuration under My Mosaic, you are ready to try out Axinom DRM and Axinom Encoding yourself. Let’s start with the same tasks as discussed in What is DRM?.

Figure 1. Video Platform Overview

Quick Start

In the steps below you will need various pieces of your DRM configuration, such as a Communication Key and Communication Key ID. Make sure you acquired DRM credentials under My Mosaic before you start.

Play a DRM-protected Video

Let’s start "at the end" and check how to play a DRM-protected video (after all, this is what we want to accomplish). Axinom DRM Video Playback Tool makes it very easy and understandable.

If you don’t have any DRM-protected video yet, it is not a problem. In the tool just pick one of the test vectors published by Axinom.

Test Vectors
Figure 2. Select one of the test vectors

Later you can enter a URL for your own video.

The tool will create an entitlement message and a license service message on its own. You only need to provide your Communication Key ID and Communication Key to produce a signed JWT.

Enter the URL of a license service (keep the defaults or take them from your DRM configuration).

Pick one of the suggested players and you are ready to play the video. For every player, the tool will call a demo-page where the respective player is integrated and will pass the following:

  • URL of a protected video

  • License Service URL

  • JWT containing an entitlement message.

If you would like to use a different video player, check the section Video Players below.

Create an Entitlement Message

An Entitlement Message is a JSON data structure that instructs Axinom DRM License Service to issue a DRM license and how to configure the license.

To understand how an Entitlement Message can be used to control behavior of the License Service, read the License Service article. Entitlement Message is a full reference to the data structure.

We recommend to start with the Entitlement Message Tool. It shows all the various sections of the message, provides samples and auxillary tools.

If you want an even faster start, here is a minimalistic version of an entitlement message that still works:

Minimalistic Entitlement Message
    "content_keys_source": {
        "inline": [
            "id": "11111111-0000-0000-0000-000000000000"

It tells the License Service to grant a license to one specific keyId (replace the id with the keyId used in your video).

Create and Sign a License Service Message

Before you can send an Entitlement Message to the License Service, you have to wrap it into a so called License Service Message and make a signed JWT token out of it.

License Service Message is a JSON data structure used as an envelop. Here is a minimalistic version (additionally, you can specify a time period of validity of the enclosed Entitlement Message):

Minimalistic License Service Message
  "version": 1,
  "com_key_id": communicationKeyId,
  "message": entitlementMessage

To create a JWT, use the License Service Message above as a payload and sign it with HMAC-SHA256 algorithm using your Communication Key as a signing key. Then apply base64 encode.

Signing a License Service Message article shows how to create and sign the JWT in many programming languages, including JavaScript, C#, PHP, Python, Rust.

Quick Start: Video Protection

Now we have to learn to produce DRM protected videos. DRM-protection is usually just one step in the Video Encoding pipeline, and it is performed by Video Encoder software.

Axinom DRM can work with any encoder that follows standards used by Widevine, PlayReady, and FairPlay. In this section we will use Axinom Encoding as an example of an encoder. Later sections explain how to configure 3rd party encoders to use Axinom DRM. First, we will use Axinom Encoding to encode a video without protection. Then we will see how to acquire encryption keys from Axinom DRM Key Service. Finally, we will use Axinom Encoding together with Axinom DRM Key Service.

Encode a Video using Axinom Encoding

Axinom Encoding expects an input video in an Input Storage and stores an encoded output in an Output Storage.

encoding overview
Figure 3. Encoding Overview

Input and Output Storage

Different implementations for storage are possible: Azure Blob Storage, Amazon S3, FTPS. For the example below we will use a Storage Account in Microsoft Azure Cloud.

There are two options to create a storage account:

In any case we will assume the following:

  • For the Input Storage there will be a Blob Container video-input

  • For the Output Storage there will be a Blob Container video-output

  • Output container will be accessible from outside via HTTPS

  • Every input videos will be uploaded to its own folder directly under Input Storage root.

To configure your storage account, you need from Azure the storage account Name and storage account Key. For the input storage you also have to generate a SAS token with only a LIST permission for the video-input container. Mosaic Hosting Service provides all these values.

To make sure your storage account credentials (namely, storage account key) are safe, apply Credentials Protection. Using Credentials Protection Tool you can encrypt your secrets with a certificate of the Encoding Service. Then only Encoding Service will be able to read these credentials.

To access your storage account we recommend the tool Azure Storage Explorer.

Get a Content Key from Axinom Key Service

While you are encoding your content, you can request the content keys from the Axinom key service and then the key synchronization will happen accordingly. So when the player CDM requests for the license token from the DRM license, the license service will return the correct key to the player CDM.

Third-party Integration

Video Players

Axinom DRM integrates well with all major players, both in browsers and on mobile devices. All you need to do is to configure the player to use Axinom DRM’s License Service Url for the respective DRM technology, give it a JWT containing an Entitlement Message (see above) and make it append the token as a custom HTTP-Header or a query string parameter.

We’ve gathered a lot of player-specific instructions under Video Players.