# Manage HLS playback over SSL for Wowza CDN on Fastly with the Wowza Video REST API

When you broadcast an HLS stream using the Wowza
Video™ service, you have complete control
over whether or not Secure Socket Layer (SSL) is used to establish a
handshake for encrypting the HTTP connections that deliver the stream to
viewers. By default, Wowza Video uses relative playlists, which allows
streams to be played over HTTP or HTTPS—or both. This provides the
greatest flexibility for your viewers. You can, however, require that
viewers watch a live stream over HTTPS. Requiring viewers to watch a
stream over HTTPS ensures an encrypted connection during playback.

## Before you start

You should complete the following tasks:

- Create a **live stream** or a **transcoder**. You'll need the
resulting `stream_targets_id` if you would like to deliver a HLS
stream for playback over HTTPS only. View our [connect a
source](/docs/wowza-video/guides/video-source/encoder-camera/connect-an-ip-camera)
topics to learn how to create a live stream or transcoder.


You should choose between the following two workflows:

- Decide between the **live stream** or **transcoder** workflow.
See Decide between a live stream or transcoder workflow[Decide between a live stream or transcoder workflow for more information about these workflows.


## About SSL playback from Wowza CDN on Fastly stream targets

Live streams delivered from Wowza Video travel across the Internet in
two stages to reach their audiences. After Wowza Video transcodes (or
passes through) the encoded live source video, it sends the stream to
geographically distributed servers called stream targets. Those Wowza
CDN on Fastly targets then deliver the live stream to viewers, such as
through a hosted webpage or a direct playback URL.

Wowza Video uses the HTTP protocol to make these two outbound network
transfers, delivering streams for playback over HLS. For this HTTP
delivery, Wowza Video generates a *relative playlist*, which means that
the stream can be viewed over HTTP or HTTPS. The viewer is not
restricted to the secured or unsecured protocol.

When you choose to deliver a live stream via Wowza CDN on Fastly stream
targets, you can enjoy the default flexibility of relative playlists, or
you can control whether the viewer has to use HTTPS to watch the stream.

details
summary
Live stream workflow
## Live stream workflow

### Play HLS over HTTP or HTTPS

Depending on how you want to make the stream available, do one of the
following using details from the live stream:

- Use the HLS playback URL returned as the `hls_playback_url` value to
play the stream in a browser or player that supports HLS. Although
the playback URL appears as HTTPS, the playback URL can also be
accessed using HTTP.
For example:
`https://[wowzasubdomain].wowza.com/1/abc1TnJwZEpwYXxy/a12BeGd1/hls/live/playlist.m3u8`
- The hosted page can only be viewed using HTTPS.
For example:
`https://player.video.wowza.com/hosted/[player_id]/player.html`
- If you want to include the stream on an external website (HTTP or
HTTPS), use the `embed_code` value in the `player` object, which
uses a relative URL in the JavaScript call for the player.
For example:
`<div id='wowza_player'></div><script id='player_embed' src='//player.video.wowza.com/hosted/[player_id]/wowza.js' type='text/javascript'></script>`


### Deliver an HLS stream for playback over HTTPS only

You can require SSL for HLS playback if desired. This ensures that
viewer clients connect securely to view the stream over HTTPS.

1. Update the Wowza CDN on Fastly targets associated with your live
stream to enable `force_ssl_playback`.
You can use the following sample request, making sure to:
• Set `force_ssl_playback` to `true`.
• Set `stream_target_id` to the `stream_targets_id`.
#### Sample request
Endpoint Reference

```
curl -X PATCH \
-H "Content-Type: application/json" \
-H "Authorization: Bearer ${WV_JWT}" \
-d '{ 
   "stream_target_fastly": { 
     "force_ssl_playback": true 
    } 
}' "${WV_HOST}/api/${WV_VERSION}/stream_targets/fastly/{stream_target_id}"
```
#### Sample response

```
{    
  "stream_target_fastly": {      
    "id": "abc1234",
    "name": "MyLiveStream / Stream Target",
    "state": "activated",
     ...
    "force_ssl_playback": true,      
     ...
  } 

}
```
2. Configure the `relativePlaylist` property to deliver an HLS stream
for playback over HTTPS only.
Configure the `relativePlaylist` property to send the stream's
chunklists from the target to the player with HTTPS as the protocol
prefix.
You can use the following sample request, making sure to:
• Set `key` to `relativePlaylists`
• Set `section` to `playlist`
• Set `value` to `false`.
• Set `stream_target_id` to the `stream_targets_id`.
#### Sample request
Endpoint Reference

```
curl -X POST \
-H "Content-Type: application/json" \
-H "Authorization: Bearer ${WV_JWT}" \
-d '{   
  "property": {     
  "key": "relativePlaylists",     
  "section": "playlist",     
  "value": false  
  } 
}' "${WV_HOST}/api/${WV_VERSION}/stream_targets/[stream_target_id]/properties"
```
#### Sample response

```
{    
  "property": {      
    "key": "relativePlaylists",      
    "section": "playlist",      
    "value": false 
  } 

}
```
3. **Playback over HTTPS only**


Do one of the following for playback over HTTPS only, depending on
how you want to make your live stream available:

- Use the HLS playback URL returned as the `hls_playback_url` value in
the `player` object to play the stream in a browser or player that
supports HLS. The playback URL can only be accessed using HTTPS.
For example:
`https://[wowzasubdomain].wowza.com/1/abc1TnJwZEpwYXxy/a12BeGd1/hls/live/playlist.m3u8`
- The hosted page
can only be viewed using HTTPS.
For example:
`https://player.video.wowza.com/hosted/[player_id]/player.html`
- If you want to include the stream on an external website (HTTPS),
use the `embed_code` value in the `player` object, which uses a
relative URL in the JavaScript call for the player.
For example:

```
<div id='wowza_player'></div><script id='player_embed'
src='//player.video.wowza.com/hosted/[player_id]/wowza.js'
type='text/javascript'></script>
```


### More resources

- Security features in Wowza
Video -   [How to set advanced properties using the Wowza Video REST
API](/docs/wowza-video/guides/more-tasks/set-advanced-properties)


details
summary
Transcoder workflow
## Transcoder workflow

### Play HLS over HTTP or HTTPS

For the `playback_url`, refer to `hls` in the `playback_urls` returned
in the stream target details. Use this URL to play the stream in a
browser or player that supports HLS. Although the playback URL appears
as HTTPS, the playback URL can also be accessed using HTTP.

For example:
`https://[wowzasubdomain].wowza.com/1/abc1TnJwZEpwYXxy/a12BeGd1/hls/live/playlist.m3u8`

### Deliver an HLS stream for playback over HTTPS only

You can require SSL for HLS playback, if desired. This ensures that
viewer clients connect securely to view the stream over HTTPS.

1. Update the Wowza CDN on Fastly targets associated with your
transcoder to enable `force_ssl_playback`.
You can use the following sample request, making sure to:
• Set `force_ssl_playback` to `true`.
• Set `stream_target_id` to the `stream_targets_id`.
#### Sample request
Endpoint Reference

```
curl -X PATCH \
-H "Content-Type: application/json" \
-H "Authorization: Bearer ${WV_JWT}" \
-d '{ 
   "stream_target_fastly": { 
     "force_ssl_playback": true 
    } 
}' "${WV_HOST}/api/${WV_VERSION}/stream_targets/fastly/{stream_target_id}"
```
#### Sample response

```
{    
  "stream_target_fastly": {      
    "id": "abc1234",
    "name": "MyTranscoder / Stream Target",
    "state": "activated",
     ...
    "force_ssl_playback": true,      
     ...
  } 

}
```
2. Configure the `relativePlaylist` property to send the stream's
chunklists from the target to the player with HTTPS as the protocol
prefix.
You can use the following sample request, making sure to:
• Set `key` to `relativePlaylists`
• Set `section` to `playlist`
• Set `value` to `false`
• Set `stream_target_id` to the `stream_targets_id`.
#### Sample request
Endpoint Reference

```
curl -X POST \
-H "Content-Type: application/json" \
-H "Authorization: Bearer ${WV_JWT}" \
-H "wsc-timestamp: [timestamp]" \
-H "wsc-signature: [signature]" \
-d '{   
  "property": {     
  "key": "relativePlaylists",     
  "section": "playlist",     
  "value": false  
  } 
}' "${WV_HOST}/api/${WV_VERSION}/stream_targets/[stream_target_id]/properties"
```
#### Sample response

```
{    
  "property": {      
    "key": "relativePlaylists",      
    "section": "playlist",      
    "value": false 
  } 

}
```
For more information about configuring stream target properties and
related requests, see [How to set advanced properties using the
Wowza Video REST
API](/docs/wowza-video/guides/more-tasks/set-advanced-properties).
3. **Playback over HTTPS only**
For the playback over HTTPS only, refer to `hls` in the
`playback_urls` object returned in the stream target details. Use
this URL to play the stream in a browser or player that supports
HLS. The playback URL can only be accessed using HTTPS.
For example:
`https://[wowzasubdomain].wowza.com/1/abc1TnJwZEpwYXxy/a12BeGd1/hls/live/playlist.m3u8`


### More resources

- Security features in Wowza Video