
Time based One Time Password (TOTP)

Murat Ugur Eminoglu edited this page May 17, 2022 · 22 revisions

Attention: We have migrated our documentation to our new platform, Ant Media Resources. Please follow this link for the latest and up-to-date documentation.

The Time-based One-time Password algorithm (TOTP) is an extension of the HMAC-based One-time Password algorithm (HOTP) that generates a one-time password (OTP) by taking uniqueness from the current time instead of a counter.

We define a publisher or player as a subscriber. If the time-based token is enabled, a subscriber should be created for the stream to be able to publish or play. Each subscriber has an ID and a code. When a subscriber requests to publish or play a stream, he should provide his ID and the time-based token generated for his code. Otherwise the server doesn't accept the publish or play request.

Enabling and Setting

  • You can enable TOTP in the application settings using the Management Panel.

  • You can also set or change the TOTP period in seconds in the red5-web.properties file under the /usr/local/antmedia/webapps/WebRTCAppEE/WEB-INF/ folder. By default this value is 60 seconds:

    settings.timeTokenPeriod=60


Subscriber Operations

After enabling TOTP on the server, the following operations should be performed to publish or play using TOTP.

  1. The admin creates a new subscriber (publisher or player) by using this REST Method. You should assign a base32 secret to each subscriber at creation. The length of the secret should be a multiple of 8 characters.

    Curl example for publisher type subscriber creation.

curl -X POST -H "Accept: Application/json" -H "Content-Type: application/json" http://localhost:5080/WebRTCAppEE/rest/v2/broadcasts/stream1/subscribers -d '{"subscriberId":"publisherA", "b32Secret":"mysecret", "type":"publish"}'

Curl example for player type subscriber creation.

curl -X POST -H "Accept: Application/json" -H "Content-Type: application/json" http://localhost:5080/WebRTCAppEE/rest/v2/broadcasts/stream1/subscribers -d '{"subscriberId":"playerB", "b32Secret":"mysecret", "type":"play"}'
  2. The subscriber (publisher or player) needs a TOTP token to publish or play the stream. This token should be created using the subscriber's secret key. Here is an example page that creates TOTP.

  3. The subscriber (publisher or player) can request to publish or play using the created TOTP.

    Example of a publish request:

http://localhost:5080/WebRTCAppEE/?name=streamId&subscriberId=publisherA&subscriberCode=440456

Example of a play request:

http://localhost:5080/WebRTCAppEE/play.html?name=streamId&subscriberId=playerB&subscriberCode=438610

You can find the references for the create, delete and list REST methods in the REST API Reference.
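The token generation and request building from steps 2 and 3, as an added example that is not part of the original page or Ant Media's own code. It assumes the server validates standard RFC 6238 TOTP with HMAC-SHA1 and 6 digits (the page's sample codes are 6 digits) over the default 60-second period; all function names are hypothetical. It also checks the secret against the 128-bit minimum from RFC 4226, which an 8-character secret such as the `mysecret` in the curl examples does not meet.

```python
import base64, hashlib, hmac, secrets, struct, time
from urllib.parse import urlencode

PERIOD = 60            # settings.timeTokenPeriod default stated on this page
DIGITS = 6             # assumption: matches the page's 6-digit subscriberCode values
MIN_SECRET_BYTES = 16  # RFC 4226: shared secret of at least 128 bits

def new_b32_secret(nbytes=20):
    """Random secret; 20 bytes encode to 32 base32 characters (a multiple of 8)."""
    return base64.b32encode(secrets.token_bytes(nbytes)).decode()

def decode_secret(b32_secret):
    """Decode a b32Secret, enforcing the page's multiple-of-8 length rule."""
    if not b32_secret or len(b32_secret) % 8:
        raise ValueError("b32Secret length must be a non-zero multiple of 8")
    return base64.b32decode(b32_secret, casefold=True)

def is_weak(b32_secret):
    """True when the decoded secret is shorter than the RFC 4226 minimum."""
    return len(decode_secret(b32_secret)) < MIN_SECRET_BYTES

def totp(b32_secret, at=None, period=PERIOD, digits=DIGITS):
    """RFC 6238 TOTP over HMAC-SHA1 (assumed to be what the server validates)."""
    counter = int(time.time() if at is None else at) // period
    mac = hmac.new(decode_secret(b32_secret), struct.pack(">Q", counter),
                   hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation from RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def verify(b32_secret, code, at=None, period=PERIOD):
    """Constant-time comparison against the current time window only."""
    expected = totp(b32_secret, at, period)
    return hmac.compare_digest(expected.encode(), str(code).encode())

def publish_url(base, stream_id, subscriber_id, b32_secret, at=None):
    """Build the publish request shown on this page with a fresh code."""
    query = urlencode({"name": stream_id, "subscriberId": subscriber_id,
                       "subscriberCode": totp(b32_secret, at)})
    return f"{base}/?{query}"

if __name__ == "__main__":
    secret = new_b32_secret()  # constructed sample secret
    print("b32Secret:", secret, "weak:", is_weak(secret))
    print(publish_url("http://localhost:5080/WebRTCAppEE", "stream1",
                      "publisherA", secret))
    print("mysecret weak:", is_weak("mysecret"))  # 8 chars decode to 40 bits
```

A code is only valid inside its 60-second window, so the client and server clocks need to be synchronised for the request to be accepted.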

Subscriber Statistics

You can also get some statistics, such as connection events and average bitrate, for each subscriber with the following REST method.

curl -i -H "Accept: Application/json" -X GET "http://localhost:5080/WebRTCAppEE/rest/v2/broadcasts/stream1/subscriber-stats/list/0/5"
