Generate a signed HMAC token

    • Segment requests using segment redirect pod serving require an HMAC-signed token for authentication unless using early ad break notifications.

    • The authentication token can be calculated once per ad break and used across all stream sessions.

    • To create the token, gather parameters such as custom_asset_key , exp , network_code , pod_id , and pd (required except for durationless ad breaks), along with optional parameters like cust_params and scte35 .

    • The token string is formatted with name=value pairs separated by a tilde ( ~ ), listed alphabetically.

    • An HMAC signature is generated using a SHA-256 hash of the token string and an HMAC authentication key, then appended to the token string and finally URL-encoded.

    Each segment or manifest request made using pod serving must include a HMAC-signed token for authentication, as a fallback of early ad break notifications .

    This token can be calculated once per ad break and shared across all stream sessions.

    Gather token parameters

    Gather the following information from the current ad break, to populate the token body.

    Token Parameters
    ad_break_id
    Required if pod_id parameter is not provided.
    The string identifier for the ad break.
    custom_asset_key
    Required if event parameter is not provided.
    The custom livestream asset key, from Google Ad Manager.
    cust_params
    Optional
    The custom targeting parameters for the ad break.
    event
    Required if custom_asset_key parameter is not provided.
    The livestream asset key, generated by Google Ad Manager.
    exp
    Required
    Expiration timestamp for this token in seconds.
    network_code
    Required if custom_asset_key parameter is provided.
    The Ad Manager 360 network code for this network.
    pod_id
    Required if ad_break_id parameter is not provided.
    The numerical identifier for the ad break.
    pd
    Required, except for events with duration-less ad breaks enabled.
    The duration in milliseconds of the ad break.
    scte35
    Optional
    The Base64-encoded SCTE-35 signal for the ad break.

    Create token string

    list each parameter in alphabetical order, in the format name=value , with each name-value pair separated by a tilde ( ~ ) character.

    Optional parameters without a value can be left in-place with an empty string for the value, or removed entirely.

    token string format

     custom_asset_key={custom_asset_key}~exp={expiration}~network_code={network_code}~pd={pod_duration}~pod_id={ad_pod_index}~scte35={scte35_message}

    Generate HMAC signature

    The HMAC signature is a SHA-256 hash of the token string in HEX format. The secret key is the HMAC authentication key associated with your livestream event in Google Ad Manager.

    Sign token string

    Once generated, append the HMAC signature to the token string in the following format

     ~hmac={HMAC signature}

    URL-encode token string

    This token is passed as a URL parameter, so it must be URL-encoded for safety.

    Example 1

    Here's an example where unused optional parameters are included as empty strings.

    Token string

     cust_params=~custom_asset_key=iYdOkYZdQ1KFULXSN0Gi7g~exp=1489680000~network_code=6062~pd=180000~pod_id=5~scte35=

    Secret key

     A7490591290583E4B93189DEE7E287C299FC686872ABC7ADC9F9F536443505F

    HMAC signature

     ea1081cc1ab83cacd1e64073fc19e64616b2571249232917dc9f539cafb4b94e

    Signed token

     cust_params=~custom_asset_key=iYdOkYZdQ1KFULXSN0Gi7g~exp=1489680000~network_code=6062~pd=180000~pod_id=5~scte35=~hmac=ea1081cc1ab83cacd1e64073fc19e64616b2571249232917dc9f539cafb4b94e

    URL-encoded signed token:

     cust_params%3D~custom_asset_key%3DiYdOkYZdQ1KFULXSN0Gi7g~exp%3D1489680000~network_code%3D6062~pd%3D180000~pod_id%3D5~scte35%3D~hmac%3Dea1081cc1ab83cacd1e64073fc19e64616b2571249232917dc9f539cafb4b94e

    Example 2

    Here's an example where the unpopulated optional variables are omitted entirely.

    Token string

     custom_asset_key=iYdOkYZdQ1KFULXSN0Gi7g~exp=1489680000~network_code=6062~pd=180000~pod_id=5
    Secret key
     A7490591290583E4B93189DEE7E287C299FC686872ABC7ADC9F9F536443505F
    HMAC signature
     6a8c44c72e4718ff63ad2284edf2a8b9e319600b430349d31195c99b505858c9

    Signed token

     custom_asset_key=iYdOkYZdQ1KFULXSN0Gi7g~exp=1489680000~network_code=6062~pd=180000~pod_id=5~hmac=6a8c44c72e4718ff63ad2284edf2a8b9e319600b430349d31195c99b505858c9

    URL-encoded signed token

     custom_asset_key%3DiYdOkYZdQ1KFULXSN0Gi7g~exp%3D1489680000~network_code%3D6062~pd%3D180000~pod_id%3D5~hmac%3D6a8c44c72e4718ff63ad2284edf2a8b9e319600b430349d31195c99b505858c9

    Example 3

    Here's an example with ad_break_id .

    Token string

     ad_break_id=adbreak1~custom_asset_key=iYdOkYZdQ1KFULXSN0Gi7g~exp=1489680000~network_code=6062~pd=180000
    Secret key
     A7490591290583E4B93189DEE7E287C299FC686872ABC7ADC9F9F536443505F
    HMAC signature
     327b23b80d032b0fa4c41b64a5e44fa7733af5bdbf173b7d89135aef05ae6d29

    Signed token

     ad_break_id=adbreak1~custom_asset_key=iYdOkYZdQ1KFULXSN0Gi7g~exp=1489680000~network_code=6062~pd=180000~hmac=327b23b80d032b0fa4c41b64a5e44fa7733af5bdbf173b7d89135aef05ae6d29

    URL-encoded signed token

     ad_break_id%3Dadbreak1~custom_asset_key%3DiYdOkYZdQ1KFULXSN0Gi7g~exp%3D1489680000~network_code%3D6062~pd%3D180000~hmac%3D327b23b80d032b0fa4c41b64a5e44fa7733af5bdbf173b7d89135aef05ae6d29
    Design a Mobile Site
    View Site in Mobile | Classic
    Share by: