# Geo-block Wowza CDN on Fastly stream targets with the Wowza Video REST API The Wowza Video™ service allows you to selectively allow or block access to Wowza CDN on Fastly stream targets so that you can control where a stream can be viewed. Learn how to use the REST API to control the locations where your stream can be viewed. ## Before you start You should complete the following tasks: - Create a **transcoder**. You'll need the resulting `transcoder_id` to assign the token-authenticated stream target to the transcoder. View our [connect a source](/docs/wowza-video/guides/video-source/encoder-camera/connect-an-ip-camera) topics to learn how to create a live stream or transcoder for RTMP, RTSP, IP camera, SRT encoder, UDP encoder, WebRTC, and Wowza Streaming Engine. You should be familiar with the following concepts: - **API authentication** **methods**. We use JSON web tokens for API authentication. See [Authentication](/docs/wowza-video/about-the-rest-api/authentication) for more information. - **Environment variables**. We use environment variables for the API version and your JWT in the cURL API request examples in this topic to make it easier for you to copy, paste, and run commands in your Terminal or Command Prompt window. If you don't set environment variables for these values, you'll need to manually enter the correct values in the code samples throughout this tutorial. See [Tools for testing the API](/docs/wowza-video/about-the-rest-api/api-overview#tools-for-testing-the-api) for instructions. ## 1. Add a Wowza CDN on Fastly stream target for HLS playback Create a Wowza stream target configured to play streams from Wowza CDN on Fastly over HLS by sending a `POST` request to the `/stream_targets/fastly` endpoint. You can enable geo-blocking during this step, configure which locations are allowed or blocked, and configure any IP address overrides you may need. You can use the following sample request, making sure to: - Set `geoblock_enabled` to `true`. - Set `geoblock_by_location` to `allow`. - Set `geoblock_country_codes` to the locations affected by the geo-blcoking. Enter a comma-separated list of uppercase two-letter ISO 3166-1 country codes. For a list, see ISO 3166-1 on Wikipedia. - Set `geoblock_ip_override` to `allow` or `deny`. `allow` permits access from IP addresses within a location that's been blocked, while `deny` restricts access from IP addresses within locations that are allowed. - Set `geoblock_ip_addresses` to addresses that can access or restrict the stream even if they're within a specified geo-blocked location. Use a comma-separated list of IPv4 and IPv6 IP addresses that always allow or deny streaming based on the `geoblock_ip_override` value. You can block or allow a combination of up to about 40 IP addresses. #### Sample request Endpoint Reference ``` curl -X POST \ -H "Content-Type: application/json" \ -H "Authorization: Bearer ${WV_JWT}" \ -d '{ "stream_target_fastly": { "name": "MyHLSTarget", "geoblock_enabled": true, "geoblock_by_location": "allow", "geoblock_country_codes": "DE, US", "geoblock_ip_override": "deny", "geoblock_ip_addresses": "1.2.3.4, 9.8.7.6", "referer_enabled": false } }' "${WV_HOST}/api/${WV_VERSION}/stream_targets/fastly" ``` The response includes: - A `stream_target_id` you will use to assign stream targets. #### Sample response ``` { "stream_target_fastly": { "id": "1234abcd", "name": "MyHLSTarget", "state": "activated", "stream_name": "st1r2eam", "delivery_protocols": [ "hls" ], "playback_urls": { "hls": [ { "name": "default", "url": "https://[subdomain].wowza.com/1/[stream_id]/[stream_name]/hls/live/playlist.m3u8" } ] }, "token_auth_enabled": false, "token_auth_playlist_only": false, "geoblock_enabled": true, "geoblock_by_location": "allow", "geoblock_country_codes": "DE, US", "geoblock_ip_override": "deny", "geoblock_ip_addresses": "1.2.3.4, 9.8.7.6", "force_ssl_playback": false, "created_at": "2016-02-23T16:04:23.170Z", "updated_at": "2016-02-23T16:04:23.170Z" } } ``` > **Troubleshooting:** The limit of 40 IP addresses is approximate because all the security information (SSL playback, geoblocking countries and IP addresses, referer header, and token auth) count toward an overall metadata limit. If you have fewer than 40 IP addresses and still receive a 422: Invalid Record (Geoblock IP addresses) error when you try to save your stream target, there are some additional things you can try: - Make sure that the combined characters for IP addresses and locations is under 400 characters. You'll need to use the two-letter ISO 3166-1 country code when considering the total characters. - IPv4 takes up less space than IPv6, so use IPv4 when you can. ## 2. Assign the geo-blocked stream target to a transcoder's output rendition You can use the following sample request, making sure to: - Set `stream_target_id` to the `id` listed in the response from step 1. - Set `transcoder_id` to the `id` for the transcoder. - Set `output_id` to the id for the output rendition. #### Sample request Endpoint Reference ``` curl -X POST \ -H "Content-Type: application/json" \ -H "Authorization: Bearer ${WV_JWT}" \ -d '{ "output_stream_target": { "stream_target_id": "1234abcd" } }' "${WV_HOST}/api/${WV_VERSION}/transcoders/[transcoder_id]/outputs/[output_id]/output_stream_targets/" ``` #### Sample response ``` { "output_stream_target": { "stream_target_id": "1234abcd" } } ``` ## More resources - Security features in Wowza Video ## Related requests - PATCH/stream_targets/fastly/ID — Update a Wowza CDN on Fastly stream target's geo-blocking configuration.