Improvements to Delegated Tokens

We’ve made some big changes to delegated tokens.

Background

Delegated tokens work as a public API token - allowing your customers to upload into your api.video account without actively using authentication. This greatly simplifies the upload of videos into the service.

There has been concern from some of our customers that this upload function could be abused by users who would upload many videos into the account - incurring unexpected encoding costs. So, we are adding some features to the delegated token endpoint that serve to enhance the security of the delegated token feature.

Search delegated tokens

Using this endpoint, you’ll receive a list of all the delegated tokens in your api.video account.

Delete delegated tokens

As of today, any delegated token can now be revoked/deleted. Simply add the delegated token ID you wish to remove into the url, and send to this endpoint to remove the token.

New tokens can have a ‘time to live’ (TTL) for token expiration.

When you create a token, you can now specify how long the token is valid.

The TTL parameter allows you to create a token that is valid for a specific period of time (in seconds). After this time has elapsed, uploads using this token will fail.

A TTL value >0 indicates the time in seconds that the token will remain active. After the token has expired, it will no longer appear in the token search.

If a video has started upload while the token is still valid, but continues past the expiration time, the video will be allowed to complete, and will be added to your api.video account. This also works for video uploads broken into byte ranges.

A value of 0 indicates no expiration. This is the default entry, and all existing tokens (with no defined expiration) have a TTL = 0.

Give our new delegated tokens a try - if you have any suggestions feel free to leave your suggestions here!

2 Likes