How can we secure a playback of a live input stream when using webRTC?

I have tried using the endpont to generate a token by providing the live input ID.
https://developers.cloudflare.com/stream/viewing-videos/securing-your-stream/

Then I replace the live input ID from the webRTC playback URL with the generated token and use the url with the WHEP player. But I get a 400 response.

The playback url for the WHEP
https://customer-$id.cloudflarestream.com/$token/webRTC/play

Is it even possible to secure the live inputs like that? What would be a workaround?
Without a signed URL implementation for webRTC, someone with the live input ID could always watch the stream without any restictions/authorization.

1 Like