How can we secure a playback of a live input stream when using webRTC?

I have tried using the endpont to generate a token by providing the live input ID.

Then I replace the live input ID from the webRTC playback URL with the generated token and use the url with the WHEP player. But I get a 400 response.

The playback url for the WHEP

Is it even possible to secure the live inputs like that? What would be a workaround?
Without a signed URL implementation for webRTC, someone with the live input ID could always watch the stream without any restictions/authorization.

1 Like