Constructing the URL Token Request

Here is how to construct an Ooyala Player Token request.

To request the Ooyala Player Token with your token request URL, you need to craft an authorization request. The following section describes a convenient template that we provide to help you in this process. However, before you construct a URL Token Request using our template, it is useful to know what you are specifying for each segment of the URL:

Table 1. URL segments
You specify the... in this URL segment...
protocol and domain:
request path: /sas/embed_token/pcode/comma-separated embed codes
query string parameters: ?api_key=apiKey&expires=expirationTime&signature=computedSignature&account_id=account_id_value

Use the Token Request Template

To issue an actual request, you can use the following URL template. Fill in the relevant fields: embed codes?api_key=apiKey&expires=expirationTime&signature=computedSignature&account_id

Supply the following information:

Table 2. URL segments
Template Field Description
pcode You can get this partner code information for a particular provider from your Ooyala Backlot Web account. For details, see Your API Credentials. This is a required field.
apiKey If API access is enabled for your account, Ooyala provides you with an API Key. This is a required field. For more information about the API Key, see General Algorithm for Signing Requests.
comma-separated embed codes You supply one or more embed codes that represent the players that will be embedded on the page. You can use up to 50 embed codes.
all Use all in place of the comma-separated embed codes when you want to create the playback token for use with multiple assets (over 50 embed codes). This is useful when using the rights locker with applications that want to create the playback token for multiple assets.
expirationTime The POSIX time at which point the token expires. Use a short expiration time on the URL snippet so that the snippet cannot be replicated across other domains (more precisely, it can be embedded, but will become nonfunctional).
computedSignature When you construct a token request, you need to provide a computed signature. You generate this signature on the server side. For instructions, see General Algorithm for Signing Requests.
account_id Your account or user identifier. While not always necessary in the Ooyala Player Token, account_id is required for working with entitlements (such as eCommerce), concurrent stream limits, cross-device resume, or device registration. Use this parameter in conjunction with Rights Lockeror Device Registration API.