The Workflow User pays on clients website and redirects to a watch page on the Client's website.
User clicks a "Watch Video" button.
The button triggers an API call to Our Main Website.
Our backend saves the user's ID/Email to our database, requests an embed link from UIshare, and returns it to the client's frontend.
The Problem If our backend returns a standard, static URL, users can inspect the page source, copy the video link, and share it with unauthorized people who can then watch it for free.
What I Need Help With How do I implement a secure architecture to prevent this? Specifically:
Short-Lived Signed URLs: How to generate an embed link that expires in 30 seconds (preventing sharing), but allows the video to keep playing uninterrupted for the legitimate user once started?
IP/Domain Binding: How to restrict the video player so it only plays if accessed from the buyer's IP address and our approved domain?
Concurrent Session Blocks: Best practices for tracking active streams on our backend to stop a user from opening the video in multiple tabs or devices simultaneously.
Don't build this from scratch on top of a basic file host. If UIshare doesn't support signed HLS or DRM natively, you are fighting a losing battle. Look into Bunny Stream (Bunny.net), Mux, or VdoCipher. They handle the DRM (Widevine/FairPlay), HLS encryption, and signed URLs out of the box via simple API SDKs. Re-inventing a bulletproof video security architecture will cost you way more in dev hours and leaked revenue than a managed service ever will.
@shivamyadav Never heard of “UIshare” but you shouldn’t be serving static video files (i.e. MP4s) if this is content you want to control access to.
I’d add another recommendation for something like Mux as well. They will probably deliver video as HLS streams, require the use of signed URLs for playback, and you can even add DRM if you want to go down that route.
I’ve ran a video on demand platform for over 10 years now. I used to use Amazon for storing, transcoding, and delivering video; but moved to Mux maybe three years ago now and it’s far cheaper and easy to integrate. It’s to video what Stripe is to payments.
Yeah, its a japan's website.
We are using the AWS to stream the video via the .ts and .mu38 and added the signed URL with the minimum 20 sec time period before the url expired.
Please or to participate in this conversation.