Encrypting the Stream URL when using Embed player


New Member
I want to be able to encrypt the Stream URL when using the Embed player feature.
As I tried to do it by obfuscating the js code etc, but if any network sniffer is used, the sent websocket packets shows the stream url in plain text.
here is an example.
{"message":"playStream","data":[{"mediaSessionId":"ec1a6920-c929-11ee-86c0-7d2b98e761e3","name":"rtsp://myrtspurl.com/live/2","published":false,"hasVideo":true,"hasAudio":true,"status":"PENDING","record":false,"width":0,"height":0,"mediaProvider":"MSE","sdp":"v=0\r\no=- 1988962254 1988962254 IN IP4\r\nc=IN IP4\r\nt=0 0\r\na=sdplang:en\r\nm=video 0 RTP/AVP 112\r\na=rtpmap:112 H264/90000\r\na=fmtp:112 packetization-mode=1; profile-level-id=420020\r\na=recvonly\r\nm=audio 0 RTP/AVP 108 96 97 98 99 100 102 103 104\r\na=rtpmap:108 mpeg4-generic/48000/1\r\na=rtpmap:96 mpeg4-generic/8000/1\r\na=rtpmap:97 mpeg4-generic/11025/1\r\na=rtpmap:98 mpeg4-generic/12000/1\r\na=rtpmap:99 mpeg4-generic/16000/1\r\na=rtpmap:100 mpeg4-generic/22050/1\r\na=rtpmap:104 mpeg4-generic/24000/1\r\na=rtpmap:102 mpeg4-generic/32000/1\r\na=rtpmap:103 mpeg4-generic/44100/1\r\na=recvonly\r\n","bitrate":0,"minBitrate":0,"maxBitrate":0,"quality":0}]}
I was thinking if there is a way to modify the server so that I can encrypt the rtsp url, use the encrypted url as the input from client side and then decrypt the url on the server side to proceed as usual.
Any guide related to this will be highly appreciated.
Thank you.


Staff member
Good day.
If you want to hide the RTSP stream URL from clients, you have two possible ways:
1. (Simpler) Use REST API to capture RTSP stream to server: /rtsp/startup
POST /rest-api/rtsp/startup HTTP/1.1
Content-Length: 56
Content-Type: application/json
    "uri": "rtsp://myrtspurl.com/live/2",
    "localStreamName": "stream1"
Then, client should use the name stream1 to play the stream, so there will not be any real RTSP URL in websocket traffic.
2. (More complex) Use REST hook /playStream to rename the stream: Redefining fields. In this case, client also should use a fake stream name to play the stream, but your backend server should change the fake stream name to real RTSP URL. Please look at step by step REST hook implementation example that you can use as template: Using REST hook to authorize user by domain