{"templateId":"markdown","sharedDataIds":{"sidebar":"sidebar-sidebars.yaml"},"props":{"metadata":{"markdoc":{"tagList":["admonition"]},"type":"markdown"},"seo":{"title":"Authentication","description":"Developer documentation for Wowza","siteUrl":"https://developer.wowza.com","keywords":"wowza video developer portal, api reference docs","lang":"en-US","image":"https://www.wowza.com/wp-content/uploads/Graphics-Social-Profile-Images-Docs-Resources-1024x512-1.jpg","llmstxt":{"hide":false,"sections":[{"title":"Table of contents","includeFiles":["**/*"],"excludeFiles":[]}],"excludeFiles":[]}},"dynamicMarkdocComponents":[],"compilationErrors":[],"ast":{"$$mdtype":"Tag","name":"article","attributes":{},"children":[{"$$mdtype":"Tag","name":"Heading","attributes":{"level":1,"id":"authentication","__idx":0},"children":["Authentication"]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["The WSE REST API can be used to configure, manage, and monitor a server through HTTP requests."," ","By default, all requests are authenticated."," ","The API validates your WSE admin credentials before processing the request."," ","You can update the authentication method to suit your needs."]},{"$$mdtype":"Tag","name":"Admonition","attributes":{"type":"info","name":"Notes"},"children":[{"$$mdtype":"Tag","name":"ul","attributes":{},"children":[{"$$mdtype":"Tag","name":"li","attributes":{},"children":["When SSL is enabled for the Wowza Streaming Engine REST API, you may see warnings in the logs indicating that you can't reach the REST API."," ","This is a known issue with the logs and isn't actually a problem with the REST API."," ","For more information, see ",{"$$mdtype":"Tag","name":"a","attributes":{"href":"https://www.wowza.com/docs/important-issues-that-affect-wowza-streaming-engine-software#RESTAPIoverSSL"},"children":["Erroneous log statements when accessing the Wowza Streaming Engine REST API over SSL"]},"."]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":["To configure the authentication method for HTTP providers, see ",{"$$mdtype":"Tag","name":"a","attributes":{"href":"https://www.wowza.com/docs/use-http-providers-with-the-wowza-streaming-engine-java-api#http-provider-configuration"},"children":["HTTP provider configuration"]},"."]}]}]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":2,"id":"about-api-authentication","__idx":1},"children":["About API authentication"]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["WSE 4.8.8.01+ allows passwords in the ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["admin.password"]}," file to be encoded using digest or Bcrypt hash functions."," ","WSE 4.8.19+ supports sha256 encryption."," ","The API authentication method must be compatible with the password encoding method."," ","For more information, see ",{"$$mdtype":"Tag","name":"a","attributes":{"href":"https://www.wowza.com/docs/manage-users-with-the-wowza-streaming-engine-cli-password-tool"},"children":["Manage users with the Wowza Streaming Engine CLI password tool"]},"."]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["The table below lists the available authentication methods and the password encoding method that each supports:"]},{"$$mdtype":"Tag","name":"Admonition","attributes":{"type":"warning","name":"Note"},"children":[{"$$mdtype":"Tag","name":"p","attributes":{},"children":["We recommend using ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["sha256"]},", due to potential vulnerabilities with ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["md5"]},"."]}]},{"$$mdtype":"Tag","name":"div","attributes":{"className":"md-table-wrapper"},"children":[{"$$mdtype":"Tag","name":"table","attributes":{"className":"md"},"children":[{"$$mdtype":"Tag","name":"thead","attributes":{},"children":[{"$$mdtype":"Tag","name":"tr","attributes":{},"children":[{"$$mdtype":"Tag","name":"th","attributes":{"data-label":"Authentication method"},"children":["Authentication method"]},{"$$mdtype":"Tag","name":"th","attributes":{"data-label":"Password encoding method"},"children":["Password encoding method"]}]}]},{"$$mdtype":"Tag","name":"tbody","attributes":{},"children":[{"$$mdtype":"Tag","name":"tr","attributes":{},"children":[{"$$mdtype":"Tag","name":"td","attributes":{},"children":[{"$$mdtype":"Tag","name":"em","attributes":{},"children":["basic"]}]},{"$$mdtype":"Tag","name":"td","attributes":{},"children":["plaintext, bcrypt"]}]},{"$$mdtype":"Tag","name":"tr","attributes":{},"children":[{"$$mdtype":"Tag","name":"td","attributes":{},"children":[{"$$mdtype":"Tag","name":"em","attributes":{},"children":["digest"]}]},{"$$mdtype":"Tag","name":"td","attributes":{},"children":["md5, sha256"]}]},{"$$mdtype":"Tag","name":"tr","attributes":{},"children":[{"$$mdtype":"Tag","name":"td","attributes":{},"children":[{"$$mdtype":"Tag","name":"em","attributes":{},"children":["digestfile"]}]},{"$$mdtype":"Tag","name":"td","attributes":{},"children":["md5, sha256"]}]},{"$$mdtype":"Tag","name":"tr","attributes":{},"children":[{"$$mdtype":"Tag","name":"td","attributes":{},"children":[{"$$mdtype":"Tag","name":"em","attributes":{},"children":["remotehttp"]}]},{"$$mdtype":"Tag","name":"td","attributes":{},"children":["N/A"]}]},{"$$mdtype":"Tag","name":"tr","attributes":{},"children":[{"$$mdtype":"Tag","name":"td","attributes":{},"children":[{"$$mdtype":"Tag","name":"em","attributes":{},"children":["none"]}]},{"$$mdtype":"Tag","name":"td","attributes":{},"children":["N/A"]}]}]}]}]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":2,"id":"basic-authentication","__idx":2},"children":["Basic authentication"]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["The default authentication method is ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["basic"]},"."]},{"$$mdtype":"Tag","name":"Admonition","attributes":{"type":"info","name":"Note"},"children":[{"$$mdtype":"Tag","name":"p","attributes":{},"children":["WSE 4.8.5.05 and earlier defaults to ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["digest"]}," authentication. If you set the ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["<AuthenticationMethod>"]}," to ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["basic"]},", you're also disabling authentication for WSE Manager and removing the ability to manage and configure the media server software using WSE Manager."]}]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Basic HTTP authentication applies Base64 encoding to the administrator's username and password as they're transmitted in the HTTP request."," ","Although the credentials are encoded, they're not encrypted."," ","As a result, basic HTTP authentication isn't considered secure unless it's used with HTTP over SSL (HTTPS)."]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Since it's the default, you don't have to do anything to enable basic authentication."," ","But if you switch to another method you can change back at any time."]},{"$$mdtype":"Tag","name":"ol","attributes":{},"children":[{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Navigate to ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["[install-dir]/conf/"]}," and open ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["Server.xml"]}," in a text editor."]}]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Locate the ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["<AuthenticationMethod>"]}," property in the ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["<RESTInterface>"]}," section."]}]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Specify ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["basic"]},", like this:"]},{"$$mdtype":"Tag","name":"CodeBlock","attributes":{"data-language":"html","header":{"controls":{"copy":{}}},"source":"<AuthenticationMethod>basic</AuthenticationMethod>\n","lang":"html"},"children":[]}]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Save your change."]}]}]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":2,"id":"digest-authentication","__idx":3},"children":["Digest authentication"]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Digest authentication uses an ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["md5"]}," or ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["sha256"]}," hashed password when communicating requests to the API's web server."," ","An ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["md5"]}," or ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["sha256"]}," hash encodes (digests) a password string into 128 or 256 bits."," ","You will need to set the ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["AuthenticationMethod"]}," and ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["PasswordEncodingScheme"]}," properties in the ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["Server.xml"]}," file (located in ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["[install-dir]/conf"]},")."," ","Alternately, you can use the Command Line Interface tool to manage users."," ","Refer to the ",{"$$mdtype":"Tag","name":"a","attributes":{"href":"https://www.wowza.com/docs/manage-users-with-the-wowza-streaming-engine-cli-password-tool"},"children":["CLI Tool"]}," documentation for more details."]},{"$$mdtype":"Tag","name":"Admonition","attributes":{"type":"info","name":"Note"},"children":[{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Due to potential vulnerabilities with ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["MD5"]},", we recommend using ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["sha256"]}," with Wowza Streaming Engine."," ","Be aware that currently only Firefox supports ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["sha256"]},"."," ","You will only be able to access the REST API via Firefox, but Wowza Streaming Engine Manager is supported by most up-to-date browsers."]}]},{"$$mdtype":"Tag","name":"ol","attributes":{},"children":[{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Navigate to ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["[install-dir]/conf/"]}," and open ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["Server.xml"]}," in a text editor."]}]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Locate the ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["<AuthenticationMethod>"]}," property in the ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["<RESTInterface>"]}," section."]}]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Specify ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["digest"]},", like this:"]},{"$$mdtype":"Tag","name":"CodeBlock","attributes":{"data-language":"html","header":{"controls":{"copy":{}}},"source":"<AuthenticationMethod>digest</AuthenticationMethod>\n","lang":"html"},"children":[]}]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Locate the ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["<PasswordEncodingScheme>"]}," property."]}]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Specify either ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["md5"]}," or ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["sha256"]},", like this:"]},{"$$mdtype":"Tag","name":"CodeBlock","attributes":{"data-language":"html","header":{"controls":{"copy":{}}},"source":"<PasswordEncodingScheme>sha256</PasswordEncodingScheme>\n","lang":"html"},"children":[]}]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Save your change."]}]}]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":2,"id":"digest-http-authentication","__idx":4},"children":["Digest HTTP authentication"]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["To use digest HTTP authentication, first specify digest file as your authentication method and then create the hashed password."," ","Alternately, you can use the ",{"$$mdtype":"Tag","name":"a","attributes":{"href":"https://www.wowza.com/docs/manage-users-with-the-wowza-streaming-engine-cli-password-tool"},"children":["CLI tool"]}," to manage users."]},{"$$mdtype":"Tag","name":"ol","attributes":{},"children":[{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Navigate to ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["[install-dir]/conf/"]}," and open ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["Server.xml"]}," in a text editor."]}]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Locate the ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["<AuthenticationMethod>"]}," property in the ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["<RESTInterface>"]}," section."]}]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Specify ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["digestfile"]},", like this:"]},{"$$mdtype":"Tag","name":"CodeBlock","attributes":{"data-language":"html","header":{"controls":{"copy":{}}},"source":"<AuthenticationMethod>digestfile</AuthenticationMethod>\n","lang":"html"},"children":[]}]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Save your change."]}]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Now, generate an MD5 or SHA256-hashed digest password using a website such as ",{"$$mdtype":"Tag","name":"a","attributes":{"href":"http://www.md5hashgenerator.com"},"children":["md5hashgenerator.com"]}," or ",{"$$mdtype":"Tag","name":"a","attributes":{"href":"https://emn178.github.io/online-tools/sha256.html"},"children":["https://emn178.github.io/online-tools/sha256.html"]},"."]}]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Generate a hash from the string:"]},{"$$mdtype":"Tag","name":"CodeBlock","attributes":{"header":{"controls":{"copy":{}}},"source":"[your-admin-username]:Wowza:[your-admin-password]\n"},"children":[]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["For example using the md5 authentication method, if your admin username is ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["solomio"]}," and your admin password is ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["secret"]},", generate the hash from:"]},{"$$mdtype":"Tag","name":"CodeBlock","attributes":{"header":{"controls":{"copy":{}}},"source":"solomio:Wowza:secret\n"},"children":[]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["which results in the hashed digest password:"]},{"$$mdtype":"Tag","name":"CodeBlock","attributes":{"header":{"controls":{"copy":{}}},"source":"43c27fa10ce3ea64d60735c79e9f1c4f\n"},"children":[]}]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Locate the ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["<PasswordEncodingScheme>"]}," property."]}]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Specify either ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["md5"]}," or ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["sha256"]},", like this:"]},{"$$mdtype":"Tag","name":"CodeBlock","attributes":{"data-language":"html","header":{"controls":{"copy":{}}},"source":"<PasswordEncodingScheme>sha256</PasswordEncodingScheme>\n","lang":"html"},"children":[]}]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Save your change."]}]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Finally, add the hashed digest password to the ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["admin.password"]}," file."," ","Navigate to ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["[install-dir]/conf/"]}," and open ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["admin.password"]}," in a text editor."]}]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Add a line to ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["admin.password"]}," that contains the following:"]},{"$$mdtype":"Tag","name":"CodeBlock","attributes":{"header":{"controls":{"copy":{}}},"source":"[username][space][hashed digest password][space][group]\n"},"children":[]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Using the example above, the line would be:"]},{"$$mdtype":"Tag","name":"CodeBlock","attributes":{"header":{"controls":{"copy":{}}},"source":"solomio 43c27fa10ce3ea64d60735c79e9f1c4f admin\n"},"children":[]}]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Save your changes."]}]}]},{"$$mdtype":"Tag","name":"Admonition","attributes":{"type":"info","name":"Note"},"children":[{"$$mdtype":"Tag","name":"p","attributes":{},"children":["After enabling digest password file authentication, Wowza Streaming Engine automatically creates a hashed digest password for new admin users."]}]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":2,"id":"use-remote-http-authentication","__idx":5},"children":["Use remote HTTP authentication"]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Remote HTTP authentication goes one step further than digest HTTP authentication:"," ","It uses a remote server to generate a custom digest value from a shared secret."," ","That digest value is then included in an authorization header of your HTTP request to the REST API."]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["To use remote HTTP authentication, first specify it as your authentication method and then add the remote URL, the shared secret, and the authenticating server to the ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["Server.xml"]}," file."]},{"$$mdtype":"Tag","name":"ol","attributes":{},"children":[{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Navigate to ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["[install-dir]/conf/"]}," and open ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["Server.xml"]}," in a text editor."]}]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Locate the ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["<AuthenticationMethod>"]}," property in the ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["<RESTInterface>"]}," section."]}]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Specify ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["remotehttp"]},", like this:"]},{"$$mdtype":"Tag","name":"CodeBlock","attributes":{"data-language":"html","header":{"controls":{"copy":{}}},"source":"<AuthenticationMethod>remotehttp</AuthenticationMethod>\n","lang":"html"},"children":[]}]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Add the ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["<AuthenticationURL>"]},", ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["<AuthenticationURLSharedSecret>"]},", and ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["<AuthenticationURLIdentity>"]}," properties below the ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["<AuthenticationMethod>"]}," property, like this:"]},{"$$mdtype":"Tag","name":"CodeBlock","attributes":{"data-language":"html","header":{"controls":{"copy":{}}},"source":"<AuthenticationURL>[remote-URL]</AuthenticationURL>\n<AuthenticationURLSharedSecret>[shared-secret-key]</AuthenticationURLSharedSecret>\n<AuthenticationURLIdentity>[authenticating-server-name]</AuthenticationURLIdentity>\n","lang":"html"},"children":[]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["For example, if the HTTP requests should be sent to ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["http://192.168.1.10/wseauthentication/"]}," for authentication by the remote HTTP server, your shared secret key is ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["MySharedSecretKey"]},", and the server requesting authentication is ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["MyServerIDName"]},", the additional properties would look like this:"]},{"$$mdtype":"Tag","name":"CodeBlock","attributes":{"data-language":"html","header":{"controls":{"copy":{}}},"source":"<AuthenticationURL>http://192.168.1.10/wseauthentication/</AuthenticationURL>\n<AuthenticationURLSharedSecret>MySharedSecretKey</AuthenticationURLSharedSecret>\n<AuthenticationURLIdentity>MyServerIDName</AuthenticationURLIdentity>\n","lang":"html"},"children":[]}]}]},{"$$mdtype":"Tag","name":"Admonition","attributes":{"type":"info","name":"Note"},"children":[{"$$mdtype":"Tag","name":"p","attributes":{},"children":["The remote URL can be HTTP or HTTPS and it must be able to accept POST requests."]}]},{"$$mdtype":"Tag","name":"ol","attributes":{"start":5},"children":[{"$$mdtype":"Tag","name":"li","attributes":{},"children":["Save your change."]}]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["After configuring remote HTTP authentication on your Wowza Streaming Engine server, write a script that instructs the remote server to generate the custom digest value, includes the value in the authorization header, and authenticates a user."]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["The script should create the custom digest value ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["WowzaRemoteAuthHash"]}," from the Wowza Streaming Engine user's username, the shared secret you added to the ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["Server.xml"]}," file, and the requesting server's URI."," ","It also includes a computed response that proves the user knows the password."," ","The formula for the Wowza hash value looks like this:"]},{"$$mdtype":"Tag","name":"CodeBlock","attributes":{"data-language":"txt","header":{"controls":{"copy":{}}},"source":"WowzaRemoteAuthHash = MD5 ([username]+[response]+[shared secret]+[URI])\n","lang":"txt"},"children":[]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["If a user is authenticated, the remote server should respond with an ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["AdministratorGroups"]}," header that contains a comma-separated list of the groups the user is in."," ","If this header isn't returned, the user is given read-only privileges."]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["The following PHP code provides an example script that can be used on a remote server to authenticate two users, an administrator named ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["cricket"]}," and a read-only user named ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["guest"]},"."]},{"$$mdtype":"Tag","name":"Admonition","attributes":{"type":"info","name":"Note"},"children":[{"$$mdtype":"Tag","name":"p","attributes":{},"children":["For more information on writing HTTP digest authentication requests, see the IETF's ",{"$$mdtype":"Tag","name":"a","attributes":{"href":"https://tools.ietf.org/html/rfc7616"},"children":["HTTP Digest Access Configuration"]}," memo."]}]},{"$$mdtype":"Tag","name":"CodeBlock","attributes":{"data-language":"php<?php","header":{"controls":{"copy":{}}},"source":"$realm = 'Wowza';\n\n$users = array('cricket' => 'stumps', 'guest' => 'guest');\n$sharedSecret = \"MySharedSecretKey\";\n$serverIdentity = \"MyServerIDName\";\n\nif (empty($_SERVER['PHP_AUTH_DIGEST'])) {\n    header('HTTP/1.1 401 Unauthorized');\n    header('WWW-Authenticate: Digest realm=\"'.$realm.'\",qop=\"auth\",nonce=\"'.uniqid().'\",opaque=\"'.md5($realm).'\"');\n    exit(0);\n}\n\n$data = http_digest_parse($_SERVER['PHP_AUTH_DIGEST']);\n\nif (!isset($data['username'])) {\n    header('HTTP/1.1 401 Unauthorized');\n    exit(0);\n}\n\n// To create the wowzaHash value we do the following\n// username+response+sharedSecret+uri\n\n$validSharedHash = md5($data['username'].$data['response'].$sharedSecret.$data['uri']);\n\nif (strcmp($validSharedHash, $_SERVER['HTTP_WOWZAREMOTEAUTHHASH']) != 0) {\n    header('HTTP/1.1 401 Unauthorized');\n    exit(0);\n}\n\nif (isset($_SERVER['HTTP_WOWZASTREAMINGENGINEIDENTITY'])) {\n    if (strcmp($serverIdentity, $_SERVER['HTTP_WOWZASTREAMINGENGINEIDENTITY']) != 0) {\n        header('HTTP/1.1 401 Unauthorized');\n        exit(0);\n    }\n}\n\n$A1 = md5($data['username'] . ':' . $realm . ':' . $users[$data['username']]);\n$A2 = md5($_SERVER['REQUEST_METHOD'].':'.$data['uri']);\n\n// There are two digest authentication methods.\n\n// If qop, cnonce, and nc are present, do this way\nif (isset($data['qop']) && isset($data['cnonce']) && isset($data['nc'])) {\n    $finished = $A1.':'.$data['nonce'].':'.sprintf(\"%08d\", $data['nc']).':'.$data['cnonce'].':'.$data['qop'].':'.$A2;\n    $valid_response = md5($finished);\n}\n// If not, do this way.\nelse {\n    $valid_response = md5($A1.':'.$data['nonce'].':'.$A2);\n}\n\nif (strcmp($data['response'], $valid_response) != 0) {\n    header('HTTP/1.1 401 Unauthorized');\n    exit(0);\n}\n\n// If we got here, we're authenticated.\n\n// The 'cricket' user is given admin and advance administrator permissions.\n\nif (strcmp($data['username'], \"cricket\") == 0) {\n    header('AdministratorGroups: admin,advUser');\n}\n\n// The 'guest' user is made a read-only user. You don't have to specify readOnly\n// because that's the default if no groups are set. readOnly included here for clarity.\n\nif (strcmp($data['username'], \"guest\") == 0) {\n    header('AdministratorGroups: readOnly');\n}\n\n// Taken from PHP site as an example to handle string parsing.\nfunction http_digest_parse($txt) {\n    $needed_parts = array('nonce' => 1, 'nc' => 1, 'cnonce' => 1, 'qop' => 1, 'username' => 1, 'uri' => 1, 'response' => 1);\n    $data = array();\n    $keys = implode('|', array_keys($needed_parts));\n    preg_match_all('@(' . $keys . ')=(?:([\\'\"\"])([^\\2]+?)\\2|([^\\s,]+))@', $txt, $matches, PREG_SET_ORDER);\n\n    foreach ($matches as $m) {\n        $data[$m[1]] = $m[3] ? $m[3] : $m[4];\n        unset($needed_parts[$m[1]]);\n    }\n\n    return $data;\n}\n?>\n","lang":"php<?php"},"children":[]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":3,"id":"add-remote-http-fallback-authentication","__idx":6},"children":["Add remote HTTP fallback authentication"]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["With WSE 4.6.0.02+, you can configure remote HTTP authentication to use digest password file authentication under certain circumstances, such as a failure to connect to the remote service or the return of a specific HTTP status code that indicates the HTTP service isn't available."]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["By default, fallback authentication is disabled."," ","You can enable it by using the following properties:"]},{"$$mdtype":"Tag","name":"div","attributes":{"className":"md-table-wrapper"},"children":[{"$$mdtype":"Tag","name":"table","attributes":{"className":"md"},"children":[{"$$mdtype":"Tag","name":"thead","attributes":{},"children":[{"$$mdtype":"Tag","name":"tr","attributes":{},"children":[{"$$mdtype":"Tag","name":"th","attributes":{"data-label":"Property"},"children":["Property"]},{"$$mdtype":"Tag","name":"th","attributes":{"data-label":"Description"},"children":["Description"]}]}]},{"$$mdtype":"Tag","name":"tbody","attributes":{},"children":[{"$$mdtype":"Tag","name":"tr","attributes":{},"children":[{"$$mdtype":"Tag","name":"td","attributes":{},"children":[{"$$mdtype":"Tag","name":"code","attributes":{},"children":["<AuthenticationURLBackupFile>"]}]},{"$$mdtype":"Tag","name":"td","attributes":{},"children":["When ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["true"]},", instructs the remote HTTP authentication mechanism to use the digest password in the ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["admin.password"]}," file when the specified ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["<AuthenticationURLBackupFileConditions>"]}," are met."]}]},{"$$mdtype":"Tag","name":"tr","attributes":{},"children":[{"$$mdtype":"Tag","name":"td","attributes":{},"children":[{"$$mdtype":"Tag","name":"code","attributes":{},"children":["<AuthenticationURLBackupFileConditions>"]}]},{"$$mdtype":"Tag","name":"td","attributes":{},"children":["A required, comma-separated list of conditions that determine when the fallback authentication method is used. Specify ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["connect"]}," to enable fallback authentication if the remote HTTP service can't be reached and/or specify HTTP code(s), such as ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["500"]},", that should trigger the fallback mechanism."]}]},{"$$mdtype":"Tag","name":"tr","attributes":{},"children":[{"$$mdtype":"Tag","name":"td","attributes":{},"children":[{"$$mdtype":"Tag","name":"code","attributes":{},"children":["<AuthenticationURLBackupFileRetry>"]}]},{"$$mdtype":"Tag","name":"td","attributes":{},"children":["The frequency, in milliseconds, at which the authentication system checks the remote HTTP service for availability. The default is ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["30000"]},". The specified value can't be less than ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["10000"]},". This property is only required if you want to use a frequency other than the default."]}]}]}]}]},{"$$mdtype":"Tag","name":"Admonition","attributes":{"type":"success","name":"Important"},"children":[{"$$mdtype":"Tag","name":"p","attributes":{},"children":["To use fallback authentication, you must first create a digest password in the ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["admin.password"]}," file."," ","For instructions, see ",{"$$mdtype":"Tag","name":"a","attributes":{"href":"#digest-http-authentication"},"children":["Use digest HTTP authentication"]},"."]}]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Add the fallback properties to the authentication method between the ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["<AuthenticationURL>"]}," and the ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["<AuthenticationURLSharedSecret>"]}," in the ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["Server.xml"]}," file, like this:"]},{"$$mdtype":"Tag","name":"CodeBlock","attributes":{"data-language":"html","header":{"controls":{"copy":{}}},"source":"<AuthenticationURL>http://192.168.1.10/wseauthentication/</AuthenticationURL>\n<AuthenticationURLBackupFile>true</AuthenticationURLBackupFile>\n<AuthenticationURLBackupFileRetry>30000</AuthenticationURLBackupFileRetry>\n<AuthenticationURLBackupFileConditions>connect,500</AuthenticationURLBackupFileConditions>\n<AuthenticationURLSharedSecret>MySharedSecretKey</AuthenticationURLSharedSecret>\n<AuthenticationURLIdentity>MyServerIDName</AuthenticationURLIdentity>\n","lang":"html"},"children":[]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":2,"id":"disable-authentication","__idx":7},"children":["Disable authentication"]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["You can turn off authentication so that API requests aren't authenticated."]},{"$$mdtype":"Tag","name":"Admonition","attributes":{"type":"info","name":"Note"},"children":[{"$$mdtype":"Tag","name":"p","attributes":{},"children":["If you set the ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["<AuthenticationMethod>"]}," to ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["none"]},","," ","you're also disabling authentication for Wowza Streaming Manager and removing the ability to manage and configure the media server software using Wowza Streaming Engine Manager."]}]},{"$$mdtype":"Tag","name":"ol","attributes":{},"children":[{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Navigate to ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["[install-dir]/conf/"]}," and open ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["Server.xml"]},"."]}]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Locate the ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["<AuthenticationMethod>"]}," property in the ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["<RESTInterface>"]}," element."]}]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Set the ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["<AuthenticationMethod>"]}," to ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["none"]},":"]},{"$$mdtype":"Tag","name":"CodeBlock","attributes":{"data-language":"html","header":{"controls":{"copy":{}}},"source":"<RESTInterface>\n  <AuthenticationMethod>none</AuthenticationMethod>\n</RESTInterface>\n","lang":"html"},"children":[]}]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":[{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Save your change."]}]}]}]},"headings":[{"value":"Authentication","id":"authentication","depth":1},{"value":"About API authentication","id":"about-api-authentication","depth":2},{"value":"Basic authentication","id":"basic-authentication","depth":2},{"value":"Digest authentication","id":"digest-authentication","depth":2},{"value":"Digest HTTP authentication","id":"digest-http-authentication","depth":2},{"value":"Use remote HTTP authentication","id":"use-remote-http-authentication","depth":2},{"value":"Add remote HTTP fallback authentication","id":"add-remote-http-fallback-authentication","depth":3},{"value":"Disable authentication","id":"disable-authentication","depth":2}],"frontmatter":{"seo":{"title":"Authentication"}},"lastModified":"2026-06-23T15:15:35.000Z","pagePropGetterError":{"message":"","name":""}},"slug":"/docs/wowza-engine/guides/rest-api/authentication","userData":{"isAuthenticated":false,"teams":["anonymous"]},"isPublic":true}