Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.
Hey Folks,
I'm currently building an LMS and I'd like to get some feedback on the use of Vimeo Business to host and manage the videos, and whether it is a suitable service for our needs.
In the system, tutors, admins, and B2B customers will be able to create courses and for each section of the course, they will be able to upload video.
Does the Vimeo API handle this sort of thing and will it allow restrictions on the videos based on whether someone has purchased that specific course?
It will be similar to Laracasts in that the video is behind a subscription/payment, but all videos won't be accessible once you have an account, you'll purchase courses individually and all videos attached to that course will be available. This is probably handled in the code itself, but just wanted some opinions on whether Vimeo is a good fit.
Also, does the API allow management of videos etc like this? Would I be able to allow our software to allow users to upload video from the dashboard of our app to Vimeo?
Would appreciate your thoughts as well @JeffreyWay. Thanks.
@garethdaine You can upload via the Vimeo API (https://developer.vimeo.com/api/upload/videos) but you have to write the integration.
As for the integration, I think Vimeo restricts access to a domain but I don’t think you’ll be able to restrict access based on whether they’ve “purchased” it on your site or not. You may be able to edit the video ID in Chrome Web Inspector and because Vimeo sees it as a request from that domain, just play the video regardless.
It's truly valid post, Just check out vimeo help center to find out the accurate answer.
@martinbean Thanks. Would I not be able to completely restrict the video and then implement some sort of authentication within the app that then sends a request to Vimeo to 'unlock' it per session, or something similar.
So, essentially, no one has access until my app authenticates them and then the app retrieves the video for playback based on an API key or something? For example by setting the privacy option per session or something along those lines.
Perhaps something like this would be better https://wistia.com/use-cases/training-and-education
@garethdaine Not really. Vimeo’s just a video hosting service. It doesn’t handle anything like authorisation. You upload a video, users can watch that video.
If you want to restrict access to users, then you might need to look into something like S3 and/or CloudFront, which can restrict access based on signed URLs. But I imagine your costs would go up for hosting/streaming in exchange for this flexibility.
@martinbean Hmmm. Are you certain that's the case? Laracasts uses Vimeo to host its video content and that is restricted based on your subscription level. Of course, this is handled in Laracasts itself, but there must be a way to restrict/un-restrict video based on active subscriptions, as this is what this site does.
@martinbean For example, this video on Laracasts is hosted on a Vimeo CDN https://fpdl.vimeocdn.com/vimeo-prod-skyfire-std-us/01/4563/6/172817621/557822165.mp4.
You can't get access to it unless a valid token is passed as a query string parameter. Surely, using this token based authentication I'd be able to restrict access per user based on generated tokens? No?
@garethdaine any progress? Have to be able to give individual and limited in time access to vimeo video's for a future project. Eg, user x can watch video y for the next 24 hours. Not sure if it's possible.
Vimeo itself doesn't handle this, except that you can make the videos "private" so they won't appear on vimeo.com, and also restrict the domains on which they can be embedded.
It would be up to you to write the logic. In Laracasts' case, the application will check whether a user has a subscription, before displaying the page. Depending on that check, the page shows either the real video embed, or a placeholder asking you to join.
You could do the same thing, just with different logic for your check.
In principle, there's nothing to stop people sharing a list of Vimeo IDs for the paid Laracasts videos, and then going to a free video page and changing the embed code. Of course this would be wrong and against the terms of service!
But you have to accept that no matter how good your security, sufficiently motivated people can steal your videos (if they can watch it, they can copy it).
Hey @MikeHopley,
Yes, completely understand I would have to write the authorisation logic and connect to the Vimeo API to retrieve the asset.
My question was more to do with how Vimeo protects those assets.
I understand it can be restricted by domain, but I'm guessing there is also some sort of tokenisation functionality available.
For example:
So, if someone wanted to get the video URL from the dev tools/inspector (even with the token), they would only have access for a specific amount of time before that token expires. When it does, the video will not play.
Seems reasonable that Vimeo would have this sort of functionality, but I'm not entirely sure.
Though this link from Laracasts uses some form of tokenisation with expiry. https://fpdl.vimeocdn.com/vimeo-prod-skyfire-std-us/01/4563/6/172817621/557822165.mp4
The link will only work if you pass a valid token.
I've also been looking at VHX (https://www.vhx.tv/) which is also a Vimeo company.
Vimeo offers a limited ability to categorise videos into "albums", but this is quite basic.
As far as I know, Vimeo does not offer token-based authentication. See this forum thread.
VHX can be stupidly expensive, depending on your own pricing model.
Great news.. Vimeo offer great platform for business
I have the same question, what did you end up with using?
Please or to participate in this conversation.