Signed URLs

Control exactly who watches your content, down to the individual link.

Overview

What It Is

Signed URLs embed cryptographic tokens directly in playback links, ensuring that only authorized viewers with valid tokens can play your content. Each link expires at a specific time and is tied to a specific user or IP, making it impossible to share the URL without breaking playback. This gives you granular control over access without requiring login pages or complex authentication systems.

Coming Soon
Process

How It Works

  1. Create a signing key

    Generate or provide a secret key that signs URLs on your backend.

  2. Generate signed URLs

    When users request content, your server creates a signed playback link with expiry and access rules.

  3. Embed the signature

    Include the token and policy (expiry, IP restrictions, user ID) as URL parameters.

  4. Player validates on first request

    Qencode's CDN verifies the signature before serving the first segment.

  5. Access is revoked automatically

    Expired tokens fail, and shared links become useless after the expiry time.

Overview

Why Signed URLs

Reduce costs

Lower bandwidth and storage expenses without compromising quality.

Save time

Automate complex processing that would take hours manually.

Scale effortlessly

Handle thousands of videos with the same API call.

Integrate in minutes

Simple REST API with comprehensive SDKs and documentation.

Use Cases

Who Uses Signed URLs

VOD Platforms

A streaming service generates unique signed URLs for each user that expire after 24 hours, so shared links die immediately. Cut password sharing costs by 30% and improve per-user metrics for licensing negotiations.

EdTech

An online course platform creates signed URLs per student per lesson that expire after the course ends. Ensure 100% compliance with instructor licensing and prevent former students from accessing updated materials.

Enterprise

A company creates signed URLs for internal videos that lock to employee IP addresses and expire when employment ends. Eliminate manual access revocation and prevent ex-employees from watching confidential content.

Tutorial

How to Use Signed URLs

Watch a quick walkthrough showing how to configure and use Signed URLs through the Qencode dashboard and API.

Tutorial Video Coming Soon
For Developers

Technical Reference

API MethodPUT /v1/buckets/<BUCKET_NAME>/policy/$POLICY_NAME to require signed URLs. POST /v1/signing-keys to create a signing key.
Signing AlgorithmJWT signed with RS256
Token FormatJWT appended to the file URL as ?auth=<TOKEN>
Token Headerskid, alg: "RS256", typ: "JWT"
Token Claimsuri, exp, nbf
Expiry Optionsexp sets expiration time. If omitted, the token has no expiration. nbf sets activation time.
Access RestrictionsBucket must use authenticated access. uri can restrict access to a directory or file; empty uri allows access to any resource in the bucket.
URL Formathttps://<bucket>.media-storage.<region>.qencode.com/path/to/file?auth=<TOKEN> or custom domain URL with ?auth=<TOKEN>
Key ManagementPrivate key is shown only once. Each signing key can be used for one bucket only.

Request Example

Generate JWT signed token using RS256 algorithm with the following structure:

headers: {
  "kid":  "<signing key id>",
  "alg": "RS256",
  "typ": "JWT",
}
payload: {
    "uri": "<key_path>", 
    "exp": "<expiration time>", 
    "nbf": "<not_before time>"
}

Copy this payload and use it with your API key to test Signed URLs on your own videos.

View Signed URLs Tutorial
Pricing

What It Costs

Included with Delivery

Signed URLs are available with Qencode delivery. There is no separate feature fee for secure playback links; delivery traffic is billed based on usage.

We love creating powerful solutions that are aligned with the needs of your business.

Please send us a message if you have a question or Schedule a call for a demo to discuss your integration.

Let's talk

First Name
Last Name
Company
Email
Your Message

Contact us with any questions. We'd love to help.

Los Angeles, CA - (HQ)

San Francisco, CA

New York, NY