Welcome Apps
Products
Camera Microphone Photobooth Player Wall Photo
REST API
Overview Basics Processing Storage Notification Playback Security

App Securtity Settings

There are a variety of secuty options that allow you tightly control who is able to create and view assets in your app.

Security Settings
Authorized Hosts
Publish Signature
Playback Signature
Wall Assets

Authorized Host

you may optionally provide one or more authorized hosts (domains) for your application. If you add an authorized host your App will only work with a camera embeded on that host or a subdomain of that host.

Every authorized host has an implicit wildcard before it (*.) so by adding mysite.com as an authorized host you would be authorizing *.mysite.com. This would allow video from a camera on mysite.com or subdomain.mysite.com.

The more specific you are with your authorized host the more restrictive. For example if you added subdmain.mysite.com as your authorized host the App would only accept videos embeded on subdmain.mysite.com (not mysite.com or somethingelse.mysite.com).

Publish Signature

When turned on only embeds that contain valid data-signatureJson and data-signature attributes will be allowed to publish assets to the server. The data-signatureJson is a JSON string that contains keys for your api_key (found on your account credentials settings page) and expiration (expressed in linux epoch format). The signature is the HMAC-SHA1 hash of the signatureJSON signed with your API Private Key (found on your account credentials settings page). For example here is how you would generate the signatureJSON and signature in Ruby: 
signatureJSON = {
  api_key: "123-456-789",
  expiration: (Time.now + 30.minutes).to_i
}.to_json

signature = OpenSSL::HMAC.hexdigest("sha1", api_secret, signatureJSON)
You would then use the culculated values in your embed like so: 
<camera id='[CAMERA_ID]' data-app-id='YOUR_APP_UUID' data-signature='CALCULATED_SIGNATURE' data-signatureJson='SIGNATURE_JSON_STRING'></camera>

Playback Signature

When turned on only <video> tags that contain valid data-signature and data-signature-expiration attributes will be allowed to play videos to the server. The data-signature-expiration is a time (expressed in linux epoch format). The signatue is the HMAC-SHA1 hash of the data-signature-expiration with your API key. For example here is how you would generate the signature and signature expiration in Ruby: 
signatureJSON = {
  api_key: "123-456-789",
  expiration: (Time.now + 30.minutes).to_i
}.to_json

signature = OpenSSL::HMAC.hexdigest("sha1", api_secret, signatureJSON)
You would then use the culculated values in your player like so: 
<video id='[CAMERA_ID]' data-uuid='YOUR_VIDEO_UUID' data-signature='CALCULATED_SIGNATURE' data-signatureJson='SIGNATURE_JSON_STRING'></camera>

Wall Assets

This parameter determines which assets (if any) show up in your app's <wall> embeds. The allowed values are: none, all, white list, black list. Whitelist will only display assets that in the "approved" or "featured" states. Blaick list will display all assets except those in the "rejected" state. Please be aware that all assets accessible to your wall should be assumed to be publicly accessible. Even if you only make your <videowall> visible to limited population, the API endpoint that supplies the wall with assets will be publicly accessible.