Each segment request made using segment redirect pod serving must include a HMAC-signed token for authentication, if not using early ad break notifications.
This token can be calculated once per ad break and shared across all stream sessions.
Gather token parameters
Gather the following information from the current ad break, to populate the token body.
| Token Parameters | ||
|---|---|---|
custom_asset_key
|
Required | The custom livestream asset key, from Google Ad Manager. |
cust_params
|
Optional | Custom targeting parameters. See cust_params.
|
exp
|
Required | Expiration timestamp for this token in seconds. |
network_code
|
Required | The Ad Manager 360 network code for this network. |
pod_id
|
Required | Identifier for the ad break. Should be an integer starting at
1 and increasing by one for each ad break.
This value must be the same across all users viewing the same ad break in the current event. |
pd
|
Required, except for events with durationless ad breaks enabled. | The duration in milliseconds of the ad break. Referred to above as
ad_pod_duration.
|
scte35
|
Optional | Base64-encoded SCTE-35 signal. It's the client's responsibility to ensure
that the signal is correct. If incorrect, a message is sent to the
X-Ad-Manager-Dai-Warning HTTP header in the response and the
signal is still propagated to create an ad break. See the supported
ad markers for more information on how DAI uses the SCTE-35 signal.
|
Create token string
list each parameter in alphabetical order, in the format name=value, with each
name-value pair separated by a tilde (~) character.
Optional parameters without a value can be left in-place with an empty string for the value, or removed entirely.
token string format
custom_asset_key={custom_asset_key}~exp={expiration}~network_code={network_code}~pd={pod_duration}~pod_id={ad_pod_index}~scte35={scte35_message}
Generate HMAC signature
The HMAC signature is a SHA-256 hash of the token string in HEX format. The secret key is the HMAC authentication key associated with your livestream event in Google Ad Manager.
Sign token string
Once generated, append the HMAC signature to the token string in the following format
~hmac={HMAC signature}
URL-encode token string
This token is passed as a URL parameter, so it must be URL-encoded for safety.
Example 1
Here's an example where unused optional parameters are included as empty strings.
Token string
custom_asset_key=iYdOkYZdQ1KFULXSN0Gi7g~cust_params=~exp=1489680000~network_code=6062~pd=180000~pod_id=5~scte35=
Secret key
A7490591290583E4B93189DEE7E287C299FC686872ABC7ADC9F9F536443505F
HMAC signature
86d7e5f8c96fe4c83141d764df376ae14a0e2066f2e6b2ccfb9e1e2d3c869a88
Signed token
custom_asset_key=iYdOkYZdQ1KFULXSN0Gi7g~cust_params=~exp=1489680000~network_code=6062~pd=180000~pod_id=5~scte35=~hmac=86d7e5f8c96fe4c83141d764df376ae14a0e2066f2e6b2ccfb9e1e2d3c869a88
URL-encoded signed token:
custom_asset_key%3DiYdOkYZdQ1KFULXSN0Gi7g~cust_params%3D~exp%3D1489680000~network_code%3D6062~pd%3D180000~pod_id%3D5~scte35%3D~hmac%3D86d7e5f8c96fe4c83141d764df376ae14a0e2066f2e6b2ccfb9e1e2d3c869a88
Example 2
Here's an example where the unpopulated optional variables are omitted entirely.
Token string
custom_asset_key=iYdOkYZdQ1KFULXSN0Gi7g3~exp=1489680000~network_code=6062~pd=180000~pod_id=5
Secret key
A7490591290583E4B93189DEE7E287C299FC686872ABC7ADC9F9F536443505F
HMAC signature
6a8c44c72e4718ff63ad2284edf2a8b9e319600b430349d31195c99b505858c9
Signed token
custom_asset_key=iYdOkYZdQ1KFULXSN0Gi7g~exp=1489680000~network_code=6062~pd=180000~pod_id=5~hmac=6a8c44c72e4718ff63ad2284edf2a8b9e319600b430349d31195c99b505858c9
URL-encoded signed token
custom_asset_key%3DiYdOkYZdQ1KFULXSN0Gi7g~exp%3D1489680000~network_code%3D6062~pd%3D180000~pod_id%3D5~hmac%3D6a8c44c72e4718ff63ad2284edf2a8b9e319600b430349d31195c99b505858c9