API functionality to have a custom private video control

Our project requires to control access of a user to a video by applying the rules:

  • a user needs to authenticate against our application first (it’s our app part),
  • then a user can find some videos annotations that are available for (it’s our app part),
  • selecting one of them, the server-side should connect to API.video to ask for security credentials for that video that can be passed to that user and also set that video on API.video to allow the access only from that user,
  • that user can access that video on API.video and play it, but only once time and for a limited time (for 1 hour as an example),
  • if that user wants to play it again (for example, by refreshing the page), it’s necessary to go through the application logic again that passes new credentials for it (repeating the cycle from the beginning),
  • any other user should not be able to access the video,
  • if possible, including a user IP address into the credentials would be great because it would eliminate even any sharing of the access to the video (if a user is technically on that knowledge level to do it).

Does anybody have experiences to confirm that the described case above is possible to realize with the actual API.video functionality?

Thanks a lot for any reply.


Thanks for the great question. We jump in to your scheme on bullet #3.

Videos on api.video can be tagged public of private (really it is public=false, but you get the idea).

Public videos at api.video have the format:


where the value after VOD is the videoId. Anyone with this link can watch this video.

What if we set the video to private? Well, first off, the URL format looks different:


This video can be watched by exactly one user. Once it is viewed, the token is invalid, and the link will throw a 404 error (and the player will say “video not available.”

This token is valid for the browser window session.

The second part of this is that the user must re-authenticate to watch again. You can use the api.video analytics to determine if the user has watched the video. Use our dynamic metadata to tag the session with your user’s ID.

When you authenticate the user - you can check “has @mlapis watched this video?” If no results come back - then you can obtain the private video URL. If results come back - then your business logic can decide if they watched enough to block them for a 2nd view.

The last two bullets are handled by the private video mechanism, but we do record the IP, device type and more in each session

We do have many users using private videos in their applications with great success.


Great. Thanks a lot for your quick reply. It’s nice to hear the positive news, and it also means that we can start coding some prototype for our project with the knowledge that there are no serious limits to implement what we need to get.

Thanks once more. Milos