Vimeo - Can access token be used to control access to private videos - vimeo

This has been asked before but there is no definitive or clear answer, so I'm asking again.
I would like to embed vimeo videos on my own website, and enable playing those videos only to specific subscribed users only.
Is it possible to control the access? In a way of requesting a session token for a specific 'video play' and initialize the player with that token?
Looking through the developer docs, OAuth authentication and access tokens are mostly in relation with performing actions on the vimeo accout (upload, list, etc).
Does the vimeo player integration support API access control?

No.
The Vimeo API can only toggle a video's privacy settings, the API cannot grant playback to users outside of the privacy settings provided by Vimeo.
For example, the API can be used to set a video as password-protected and to set the video's password, however the API cannot be used to authenticate and bypass password protection and allow playback.
The privacy settings valid for a video's privacy.view and privacy.embed preferences are documented here: https://developer.vimeo.com/api/reference/videos#edit_video
An overview of video privacy settings on Vimeo can be found here: https://vimeo.zendesk.com/hc/en-us/articles/224817847-Privacy-settings-overview

Related

Creating Video with Private Link via API

I'm scoping out a project with the Vimeo API in which a user uploads a protected video.
I see the API allows for uploading a video with a password via privacy.view.
However, Vimeo also has the ability to upload a video that's only sharable with a private link. I'm not seeing a reference in the API that indicates it's possible to create this via the API. Basically, a user would upload a private video and the API returns the "private link" for that video.
I was hoping someone with more expertise might be able to confirm.

Do Vimeo support Android Native playback for my app end users?

I am developing a virtual classroom app for coaching centers
I want to use Vimeo native playback in Android and iOS app of the students
Does Vimeo support Android /iOS Native playback for my app end users?
Because I cant understand the terms in their repo
Native playback
The basic requirements for native playback are:
User must be logged in.
User must be the owner of the video.
User must be PRO or higher (or the app must have the "can access owner's video files" capability).
Token must have the video_files
scope.
User must be the owner of the API app making the request.
please explain me
Yes, Vimeo supports native playback for Android and IOS. An example of this can be referenced to ct7ct7ct7's Android-VimeoPlayer on GitHub.
For extra features, it looks like the app owner must have a PRO account in order to make the video look custom to your application.
You can read more about it here under embedding videos in vimeo.

Single User Application with Private Videos, Circumvent Password

We have a Vimeo Plus account with a large set of private, password protected videos and are building an internal application which will access a selection of these videos. So in this scenario we own the videos and the application which will access the videos. We would like to be able to embed and play the videos without entering the videos' password. Currently we are not able to find a way to achieve this using the API, is this possible?
the Vimeo API can only toggle your video's privacy settings, the API cannot grant playback to users outside of the privacy settings already provided. For example, you can use the API to set a video as password-protected and set the video's password, however you cannot use the API to authenticate and bypass password protection and allow playback.
Hope this helps!

Video rotation on a web app

We have a responsive web app (html5 + AngularJS) w/ an API (Web API, c#). Both the web app and api are hosted on Microsoft Azure and media files (images, files, videos, ...) are stored in Azure Blob Storage
The use case is the following:
1) User A uploads a video via the API
2) The API needs to fix the rotation of the video to avoid videos recorded in portrait mode to show stretched in full screen on Mobile Chrome in Android (Vertical Video Syndrome https://www.youtube.com/watch?v=Bt9zSfinwFA)
3) If User B has rights to access the video (not all users of the platform have), he should be able to stream the video
I was looking to use Azure Media Services (https://azure.microsoft.com/en-us/blog/advanced-encoding-features-in-azure-media-encoder/) to rotate the video and therefore implement step 2.
What would be the best way to implement 3, e.g, protect the content in order to ensure that only specific users of the platform have access to the video?
Thank you.
Answering your question at the end: 'What would be the best way to implement 3, e.g, protected the content in order to ensure that only specific users of the platform have access to the video?':
You have different options depending on the level of protection you require:
'hide' the video url in an area of your site which requires login with the right access to see it
use a token in the URL to control access to the video
use a DRM scheme to protect the video
The DRM approach is the most secure as it also protects you against the user copying or saving and redistributing the video.
As you are using Azure you might want to look at Azure's content protection - if you are using a different video hosting service they will usually have similar guidelines:
https://azure.microsoft.com/en-us/services/media-services/content-protection/
You can use Azure Media Services AES encryption to deliver encrypted adaptive bitrate streams using MPEG-DASH or HLS, and use JWT tokens to authenticate the user for access and decryption.
This is the same model that we use with Microsoft Stream (http://stream.microsoft.com). In the case of Stream, we use Azure Active Directory for authentication and JWT tokens.
There are a couple of sample blogs out there on the basics of how to do this.
http://gtrifonov.com/2015/01/03/jwt-token-authentication-in-azure-media-services-and-dynamic-encryption/
http://mingfeiy.com/how-client-pass-tokens-to-azure-media-services-key-delivery-services

Vimeo API: Global Privacy Settings

I believe I already know the answer to my question, but I'll throw it out there just for fun.
Is there anyway in the Vimeo Advanced API to change the global settings for an account?
I would really like to set the Embed Settings approved urls in the global side rather than having to loop through all the videos in an account to add an approved url.
Is there any way to change the global settings for a Vimeo account through the advanced API or is that going to be something implemented in the APIv3?
This is not supported in the advanced api, and may be implemented into API3 in the future.
The plan is to have support for most features on site, but each one needs to be handled securely. I can not assure you that this feature will be implemented in API3, but if you have a specific need it's worth contacting vimeo directly about it : https://vimeo.com/help/contact