Reduce costs
Lower bandwidth and storage expenses without compromising quality.
Authenticate viewers through persistent session tokens instead of URL parameters.
Signed Cookies authenticate video playback through HTTP cookies instead of embedding tokens in URLs. After a user logs in, your server issues a signed cookie that proves they're authorized to watch. The cookie persists across multiple videos and page reloads, making it ideal for web applications where users authenticate once and browse content freely. Unlike signed URLs, cookies never appear in browser history, referrer headers, or server logs.
Your app confirms the user's identity through login or SSO.
Your server generates a cryptographically signed cookie with expiry and user ID.
The player automatically includes the cookie with every request.
Qencode checks the cookie signature and user permissions without redirecting.
Expired cookies fail silently, forcing re-authentication.
Lower bandwidth and storage expenses without compromising quality.
Automate complex processing that would take hours manually.
Handle thousands of videos with the same API call.
Simple REST API with comprehensive SDKs and documentation.
A streaming service issues session cookies after login so users can browse and watch multiple videos without seeing token URLs in their browser history. Improve perceived security by 40%, reduce customer support questions about "why is my URL in Google history," and pass security audits requiring hidden tokens.
An internal company portal issues short-lived signed cookies tied to company VPN sessions so employees can't share permanent access links. Meet enterprise security requirements for session-based access and automatically revoke access when VPN ends.
An online course platform issues cookies per student per course term so access automatically expires when enrollment ends. Simplify access revocation by tying it to session expiry instead of manual deprovisioning, reducing overhead.
Watch a quick walkthrough showing how to configure and use Signed Cookies through the Qencode dashboard and API.
| Workflow Type | Web application generates a signed token and sets it as a Qencode-Auth-Token cookie. |
| Cookie Name | Qencode-Auth-Token |
| API Method | POST /v1/access_token, POST /v1/buckets/<bucket_name>/cors, and GET /v1/buckets/<bucket_name>/cors |
| Prerequisites | Custom domain for content delivery, signing key for the custom domain, bucket access policy set to Authenticated. |
| Domain Setup | Player page runs on the main app domain; protected video content is served from a playback subdomain/custom domain. |
| CORS Requirements | Access-Control-Allow-Origin: https://your-app-domain.com and Access-Control-Allow-Credentials: true |
| Allowed Method | At least GET must be allowed for bucket content requests. |
| Player Requirement | Enable credentials in the video player. For Qencode Player, use withCredentials: true. |
You can set the CORS policy for the bucket.
curl -X POST 'https://api-cdn.qencode.com/v1/buckets/signed-cookie-test/cors'
-H 'Authorization: Bearer $ACCESS_TOKEN'
-H 'Content-Type: application/json'
--data '{
"Access-Control-Allow-Origin": "https://your-app-domain.com",
"Access-Control-Allow-Methods": "GET",
"Access-Control-Allow-Credentials": "true"
}'Copy this payload and use it with your API key to test Signed Cookies on your own videos.
View Signed Cookies TutorialIncluded with Delivery
Signed Cookies are available with Qencode Content Delivery. There is no separate feature fee; delivery traffic is billed based on usage.
We love creating powerful solutions that are aligned with the needs of your business.
Please send us a message if you have a question or Schedule a call for a demo to discuss your integration.
Contact us with any questions. We'd love to help.
Los Angeles, CA - (HQ)
San Francisco, CA
New York, NY