Authenticate DAI video stream requests

Learn how to create authentication keys in Ad Manager

Dynamic ad insertion (DAI) authentication keys are used to prove that video stream requests are coming from you. They provide better security during ad serving. A key is a long, unbroken string of 64 characters and numbers. For example:

0L94DEA6C87B0F3D2407018ACF88ECDE77DK38AD1DX01957311A50E9D1O3F15B

Some older keys may be 25 characters or numbers.

There are two options when creating an authentication key:

  • Static API key
  • HMAC-based token (Beta) 

The procedure is the same for both.

Difference between API and HMAC keys

HMAC-based token authentication provides more security than static API keys. HMAC tokens use a secret key and limited duration to ensure the token cannot be easily shared across users or sessions.

Add new authentication key​s

  1. Navigate to Admin and then Video and then DAI authentication keys.
  2. Click New authentication key.
  3. Enter a Name that will help you identify this key.
  4. Select the type of authentication key—either API or HMAC.

    Both API and HMAC keys can exist for a single content source or stream. However, security is then limited to that of an API key.

  5. Click Save.

To view and copy your key, return to the details page. Once you create an active DAI authentication key, you can use it immediately. Embed the key where ads are dynamically inserted.

Keys are automatically set to "Active" upon save. Only "Active" keys that are correctly implemented can validate requests.  

Requests using deactivated keys are denied
Only deactivate a key if it becomes compromised or should not be used.​

Deactivate an authentication key​

  1. Navigate to Admin and then Video and then DAI authentication keys.
  2. Click the name of the key you want to deactivate.
  3. Select Inactive as the status.
  4. Click Save.

Implement authentication keys

HMAC keys (Beta) 

Learn how to implement HMAC authentication.

API keys

Use the IMA SDK to set the apiKey property on the IMAStreamRequest object. See the iOS, Android, Chromecast, or tvOS developer documentation for more information.

For server-side beaconing (SSB), use the api-key query parameter:

curl "https://dai.google.com/ondemand/hls/content/CMS_ID/vid/VIDEO_ID/master.m3u8?api-key=<api-authentication-key>"

Was this helpful?
How can we improve it?