# Test AES encryption for HLS streams with the Wowza Video REST API

The Wowza Video™ service allows you to apply AES-128 encryption to HLS streams. This article describes how to test AES encryption by playing a media segment (.ts) file from an encrypted stream in VLC media player. If AES encryption is working correctly, VLC won't be able to play the media segment.

## Before you start

You should complete the following tasks:

- Create a **live stream** or a **transcoder**. You'll need the resulting `live_stream_id` or `transcoder_id` to schedule a broadcast. View our [connect a source](/docs/wowza-video/guides/video-source/encoder-camera/connect-an-ip-camera) topics to learn how to create a live stream or transcoder for RTMP, RTSP, IP camera, SRT encoder, UDP encoder, WebRTC, and Wowza Streaming Engine.
- Configure AES encryption. See [Secure HLS streams with AES-128 external encryption using the Wowza Video REST API](/docs/wowza-video/guides/stream-security/secure-hls-streams-with-aes-128-external-encryption) to learn more.

Then choose between the **live stream** and **transcoder** workflows below. See Decide between a live stream or transcoder workflow for more information about these workflows.

## Live stream workflow

### 1. Fetch the playback URL

Fetch the HLS playback URL to test the encrypted stream by sending a `GET` request to the `/live_streams/[live_stream_id]` endpoint. You can use the following sample request, making sure to:

- Set `live_stream_id` to the `id` for the live stream.

#### Sample request

```
curl -H "Content-Type: application/json" \
  -H "Authorization: Bearer ${WV_JWT}" \
  -X "GET" \
  "${WV_HOST}/api/${WV_VERSION}/live_streams/[live_stream_id]"
```

#### Sample response

The response includes:

- An `hls_playback_url` you'll use to test a media segment file from an encrypted stream in step 3.
```
{
  "live_stream": {
    "id": "abcntjvl",
    "name": "MyLiveStream",
    "transcoder_type": "transcoded",
    "billing_mode": "pay_as_you_go",
    "broadcast_location": "us_west_california",
    "recording": false,
    "closed_caption_type": "none",
    "low_latency": false,
    "encoder": "other_rtmp",
    "delivery_method": "push",
    "target_delivery_protocol": "hls-https",
    ...
    "player": {
      "id": "ly4rnpyt",
      "type": "wowza_player",
      "responsive": true,
      "countdown": false,
      "embed_code": "in_progress",
      "hls_playback_url": "https://[wowzasubdomain].wowza.com/1/abcdTnJwZEpwXYZa/aBcDeGd1/hls/live/playlist.m3u8",
      ...
    }
  }
}
```

### 2. Start the live stream

1. Start your video source.
2. Start your live stream.

   ```
   curl -X PUT \
     -H "Authorization: Bearer ${WV_JWT}" \
     "${WV_HOST}/api/${WV_VERSION}/live_streams/[live_stream_id]/start"
   ```

3. Check the state to make sure the live stream started.

   ```
   curl -X GET \
     -H "Authorization: Bearer ${WV_JWT}" \
     "${WV_HOST}/api/${WV_VERSION}/live_streams/[live_stream_id]/state"
   ```

### 3. Test a media segment file from the encrypted stream

1. View the playlist file using the `hls_playback_url` from step 1.

#### Sample request

```
curl https://[wowzasubdomain].wowza.com/1/Ni9vd3duZGRTOThB/WEtjTWpH/hls/live/playlist.m3u8
```

#### Sample response

```
#EXTM3U
#EXT-X-VERSION:3
#EXT-X-KEY:METHOD=AES-128,URI="mykey"
#EXT-X-STREAM-INF:BANDWIDTH=2761081,CODECS="avc1.100.31,mp4a.40.2",RESOLUTION=1280x720
../pldjp4q7/2728/chunklist.m3u8
#EXT-X-STREAM-INF:BANDWIDTH=1900046,CODECS="avc1.77.40,mp4a.40.2",RESOLUTION=854x480
../pldjp4q7/1728/chunklist.m3u8
#EXT-X-STREAM-INF:BANDWIDTH=1348954,CODECS="avc1.77.32,mp4a.40.2",RESOLUTION=640x360
../pldjp4q7/1152/chunklist.m3u8
```

2. Copy the file path for one of the chunklists and append it to the playback URL, in place of `playlist.m3u8`.
#### Sample request

```
curl https://[wowzasubdomain].wowza.com/1/Ni9vd3duZGRTOThB/WEtjTWpH/hls/live/../pldjp4q7/1152/chunklist.m3u8
```

#### Sample response

```
#EXTM3U
#EXT-X-VERSION:3
#EXT-X-TARGETDURATION:11
#EXT-X-MEDIA-SEQUENCE:1
#EXT-X-KEY:METHOD=AES-128,URI="mykey"
#EXT-X-PROGRAM-DATE-TIME:2020-03-05T17:13:06.546Z
#EXTINF:10.166,
0001lx7l/media_1.ts
#EXTINF:10.133,
0001lx7l/media_2.ts
#EXTINF:10.133,
0001lx7l/media_3.ts
#EXTINF:10.2,
```

3. Copy the file path for one of the media segments and append it to the chunklist path. Use the `--output` flag to download the file to your computer.

```
curl https://[wowzasubdomain].wowza.com/1/Ni9vd3duZGRTOThB/WEtjTWpH/hls/live/../pldjp4q7/1152/0001lx7l/media_2.ts --output media_2.ts
```

4. Open the media segment file in VLC media player. If the file is encrypted correctly, VLC won't be able to play it.

## Transcoder workflow

### 1. Fetch the playback URL

Fetch the HLS stream target associated with the transcoder to get the HLS playback URL by sending a `GET` request to the `/stream_targets/fastly/[stream_target_id]` endpoint. You can use the following sample request, making sure to:

- Set `stream_target_id` to the `stream_target_id` from the `output_stream_target` response.

#### Sample request

```
curl -X GET \
  -H "Authorization: Bearer ${WV_JWT}" \
  "${WV_HOST}/api/${WV_VERSION}/stream_targets/fastly/[stream_target_id]"
```

#### Sample response

The response includes:

- An HLS playback `url` in `playback_urls` you'll use to test a media segment file from an encrypted stream in step 3.
```
{
  "stream_target_fastly": {
    "id": "abc45lfyz",
    "name": "My Wowza CDN on Fastly Stream Target",
    "state": "activated",
    "stream_name": "9a00105a",
    "playback_urls": {
      "hls": [
        {
          "name": "default",
          "url": "https://[wowzasubdomain].wowza.com/1/TWhoL3BiZnJXMFhmNzZVN3JrZDAwUT09/ZmYxSXRrTERrUlk9/hls/live/playlist.m3u8"
        }
      ]
    },
    "token_auth_enabled": false,
    "token_auth_playlist_only": false,
    "geoblock_enabled": true,
    "geoblock_by_location": "allow",
    "geoblock_country_codes": "DE, US",
    "geoblock_ip_override": "deny",
    "geoblock_ip_addresses": "77.12.34.567, 78.23.45.678",
    "force_ssl_playback": false,
    "created_at": "2020-03-02T20:38:31.560Z",
    "updated_at": "2020-03-05T11:41:38.560Z"
  }
}
```

### 2. Start the transcoder

1. Start your video source.
2. Start the transcoder.

#### Sample request

```
curl -X PUT \
  -H "Authorization: Bearer ${WV_JWT}" \
  "${WV_HOST}/api/${WV_VERSION}/transcoders/[transcoder_id]/start"
```

3. Fetch the state of the transcoder to confirm that it's started.

#### Sample request

```
curl -X GET \
  -H "Authorization: Bearer ${WV_JWT}" \
  "https://api.video.wowza.com/api/[version]/transcoders/[transcoder_id]/state"
```

### 3. Test a media segment file from the encrypted stream

1. View the playlist file using the HLS playback `url` from step 1.

#### Sample request

```
curl https://[wowzasubdomain].wowza.com/1/Ni9vd3duZGRTOThB/WEtjTWpH/hls/live/playlist.m3u8
```

#### Sample response

```
#EXTM3U
#EXT-X-VERSION:3
#EXT-X-KEY:METHOD=AES-128,URI="mykey"
#EXT-X-STREAM-INF:BANDWIDTH=2761081,CODECS="avc1.100.31,mp4a.40.2",RESOLUTION=1280x720
../pldjp4q7/2728/chunklist.m3u8
#EXT-X-STREAM-INF:BANDWIDTH=1900046,CODECS="avc1.77.40,mp4a.40.2",RESOLUTION=854x480
../pldjp4q7/1728/chunklist.m3u8
#EXT-X-STREAM-INF:BANDWIDTH=1348954,CODECS="avc1.77.32,mp4a.40.2",RESOLUTION=640x360
../pldjp4q7/1152/chunklist.m3u8
```

2. Copy the file path for one of the chunklists and append it to the playback URL, in place of `playlist.m3u8`.
#### Sample request

```
curl https://[wowzasubdomain].wowza.com/1/Ni9vd3duZGRTOThB/WEtjTWpH/hls/live/../pldjp4q7/1152/chunklist.m3u8
```

#### Sample response

```
#EXTM3U
#EXT-X-VERSION:3
#EXT-X-TARGETDURATION:11
#EXT-X-MEDIA-SEQUENCE:1
#EXT-X-KEY:METHOD=AES-128,URI="mykey"
#EXT-X-PROGRAM-DATE-TIME:2020-03-05T17:13:06.546Z
#EXTINF:10.166,
0001lx7l/media_1.ts
#EXTINF:10.133,
0001lx7l/media_2.ts
#EXTINF:10.133,
0001lx7l/media_3.ts
#EXTINF:10.2,
```

3. Copy the file path for one of the media segments and append it to the chunklist path. Use the `--output` flag to download the file to your computer.

```
curl https://[wowzasubdomain].wowza.com/1/Ni9vd3duZGRTOThB/WEtjTWpH/hls/live/../pldjp4q7/1152/0001lx7l/media_2.ts --output media_2.ts
```

4. Open the media segment file in VLC media player. If the file is encrypted correctly, VLC won't be able to play it.
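VLC also refuses to play a file that is not a segment at all, such as an error page or a truncated download, so a failed playback alone does not confirm encryption in either workflow. The following added example (not part of the original article or Wowza's code) inspects the chunklist and the downloaded bytes directly: a clear MPEG-TS file has the sync byte `0x47` every 188 bytes, while an AES-128 (CBC, PKCS7) segment does not and has a length that is a multiple of 16. The function names and sample byte strings are constructed for illustration.

```python
import re

TS_PACKET = 188   # MPEG-TS packet size in bytes
TS_SYNC = 0x47    # every clear MPEG-TS packet starts with this byte

def key_methods(playlist_text):
    """Return the METHOD value of each #EXT-X-KEY tag in a playlist."""
    return re.findall(r"^#EXT-X-KEY:.*?METHOD=([A-Z0-9-]+)", playlist_text, re.M)

def classify_segment(data, packets=5):
    """Classify downloaded segment bytes without relying on a player."""
    if len(data) < TS_PACKET * packets:
        return "too-short"                # error page or truncated download
    if all(data[i * TS_PACKET] == TS_SYNC for i in range(packets)):
        return "clear-ts"                 # playable: encryption is not applied
    if len(data) % 16 == 0:
        return "consistent-with-aes-cbc"  # a necessary condition, not proof
    return "not-a-segment"

def encryption_verdict(playlist_text, segment):
    """True only if the chunklist declares AES-128 and the bytes agree."""
    methods = key_methods(playlist_text)
    kind = classify_segment(segment)
    return ("AES-128" in methods and kind == "consistent-with-aes-cbc",
            methods, kind)

# Constructed samples: a shortened copy of the article's chunklist and
# synthetic byte strings standing in for downloaded files.
CHUNKLIST = """#EXTM3U
#EXT-X-VERSION:3
#EXT-X-TARGETDURATION:11
#EXT-X-MEDIA-SEQUENCE:1
#EXT-X-KEY:METHOD=AES-128,URI="mykey"
#EXTINF:10.133,
0001lx7l/media_2.ts
"""
CLEAR = (bytes([TS_SYNC]) + bytes(187)) * 8                # 8 clear TS packets
OPAQUE = bytes((i * 73 + 11) % 256 for i in range(1504))   # ciphertext stand-in
ERROR_BODY = b"<html><body>403 Forbidden</body></html>"

if __name__ == "__main__":
    for name, blob in [("clear", CLEAR), ("opaque", OPAQUE), ("error", ERROR_BODY)]:
        print(name, encryption_verdict(CHUNKLIST, blob))
```

To check a real download, pass the chunklist text and the bytes of `media_2.ts` (read in binary mode) to `encryption_verdict`.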