Control Panel — API Documentation


API Documentation: sevu.request


This API creates a SEVU ticket. This ticket allows a user to view a protected video. This system allows you to restrict access to a specific video or subset of videos, to a specific IP address, timeframe and usage count.

Example Code (Java)

import java.util.Date;
import java.util.Iterator;
import java.util.LinkedHashMap;

import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

import org.apache.commons.codec.binary.Base64;
import org.apache.commons.httpclient.HttpClient;
import org.apache.commons.httpclient.NameValuePair;
import org.apache.commons.httpclient.methods.PostMethod;
import org.apache.commons.httpclient.methods.StringRequestEntity;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.json.JSONException;
import org.json.JSONObject;
import org.json.JSONTokener;

public class SeVuService {

private static final Log log = LogFactory.getLog(SeVuService.class);

private static final String SE_VU_URL = "";

private static final String API_KEY = "your-key-here";

private static final String API_SECRET = "your-secret-here";

private static final String PASS = "your-pass-here";

private static final String APPLICATION_NAME = "app-name";

private static final Integer CDN = 1;//your cdn id here

public JSONObject viewerCounts(String url) throws JSONException, IOException {
final LinkedHashMap paramMap = getBaseMap("vsn.viewercount");
paramMap.put("app", APPLICATION_NAME);
paramMap.put("url", url);
return createSignatureAndPost(paramMap);

//expire time should be 150-250% the length of the video
//number of uses probably 10-20
public JSONObject createTicket(String remoteAddress, String video, int secondsToExpire)
throws JSONException, IOException {
final LinkedHashMap paramMap = getBaseMap("sevu.request");
paramMap.put("pass", PASS);
paramMap.put("ip", remoteAddress);
paramMap.put("video", video);
paramMap.put("app", APPLICATION_NAME);
paramMap.put("uses", 1);
paramMap.put("expire", "+" + secondsToExpire + " seconds");

return createSignatureAndPost(paramMap);

public JSONObject searchTickets(String video) throws JSONException, IOException {
final LinkedHashMap paramMap = getBaseMap("");
paramMap.put("video", video);
return createSignatureAndPost(paramMap);

public JSONObject ticketStatus(String ticketKey) throws JSONException, IOException {
final LinkedHashMap paramMap = getBaseMap("sevu.status");
paramMap.put("key", ticketKey);

return createSignatureAndPost(paramMap);

public JSONObject revokeTicket(String ticketKey) throws JSONException, IOException {
final LinkedHashMap paramMap = getBaseMap("sevu.revoke");
paramMap.put("key", ticketKey);

return createSignatureAndPost(paramMap);

public JSONObject errorLog(String ticketKey) throws JSONException, IOException {
final LinkedHashMap paramMap = getBaseMap("sevu.errorlog");
paramMap.put("key", ticketKey);
//paramMap.put("pass", PASS);
//paramMap.put("ip", remoteAddress);
//paramMap.put("video", video);
//paramMap.put("app", APPLICATION_NAME);
//paramMap.put("success", 1);
//paramMap.put("seek", 0);
//paramMap.put("limit", 100);

return createSignatureAndPost(paramMap);

private JSONObject createSignatureAndPost(final LinkedHashMap paramMap)
throws JSONException, IOException {
paramMap.put("timestamp", new Date().getTime()/1000);
String json = new JSONObject(paramMap).toString();
//php encodes slashes in a non-standard way such that it needs
//to be added AFTER json encoding
json = json.replace("/", "/");
paramMap.put("signature", generateSignature(json));

final JSONObject responseJsonObject = postMethod(new JSONObject(paramMap));
return responseJsonObject;

private LinkedHashMap getBaseMap(final String command) {
final LinkedHashMap paramMap = new LinkedHashMap();
paramMap.put("api_key", API_KEY);
paramMap.put("cdn", CDN);
paramMap.put("command", command);
return paramMap;

private String generateSignature(String requestData) {
String signature = null;
try {
Mac mac = Mac.getInstance("HmacSHA256");
SecretKeySpec secret = new SecretKeySpec(API_SECRET.getBytes(), "HmacSHA256");
signature = new String(Base64.encodeBase64(mac.doFinal(requestData.getBytes())));
} catch (Exception e) {
return signature;

private JSONObject postMethod(JSONObject jsonObject) throws JSONException, IOException {
HttpClient httpClient = new HttpClient();
PostMethod postMethod = new PostMethod(SE_VU_URL);
final String json = jsonObject.toString().replace("/", "/");
postMethod.addParameter(new NameValuePair("json", json));

String response = postMethod.getResponseBodyAsString();"response from postMethod: " + response);

return new JSONObject(new JSONTokener(new InputStreamReader(postMethod.getResponseBodyAsStream())));

Request Fields

command [REQUIRED] [string] - API command to execute
cdn [REQUIRED] [int] - The ScaleEngine CDN ID of your account
api_key [REQUIRED] [string] - The API key provided as part of your account
timestamp [REQUIRED] [int] - The unix timestamp of your request, used to prevent authenticated API requests from being replayed
  • [string] - The ScaleEngine Application name to restrict viewing to
  • [string] - A pipe separated list of applications, optionally with wildcards.
    Example: myapp-vod|otherapp-*
video [REQUIRED]
  • [string] - The stream name or path of the VOD video the user is restricted to. VOD examples look like like: sestore3/username/path/filename.mp4
  • [string] - One of more stream name or VOD path separated by a pipe, optionally with wildcards. This allows for things like multi-bitrate streams or files, or allowing users access to a group of streams and videos.
    Example: mystream_* will match mystream_720p and mystream_360p.
    Example: file1.mp4|file2.mp4 will only allow the listed files to play
    Example: sestore3/username/set1/*|sestore3/username/set2/* will match any file in those directories
pass [REQUIRED] [string] - A randomly generated password. Should be unique for each request. Recommended length atleast 10 characters.
  • [string] - The IP address to allow access from
  • [string] - The CIDR mask of a range of IP addresses to allow access from.
    Example: allows any IP address
  • [string] - The literal string 'auto' or 'auto/24'. This will update the ticket the first time it is used to restrict it to the IP address of the user. This will prevent account sharing, while at the same time dealing with edge cases such as users behind corporate firewalls or proxies that may have a different IP address on the website than they will use to access the video stream
uses [REQUIRED] [int] - The number of times the video will be allowed to start. This can be used to restrict how many times a ticket may be used, and helps further protect against account sharing
expires [REQUIRED] [datetime] - The expiration date of the ticket. After this time, access will no longer be allowed, the user will require a new ticket.
Example: 2024-07-19 23:46:05

Example Result (JSON)

    "code": 2002,
    "message": "ScaleEngine Virtual Usher Ticket Granted",
    "status": "success",
    "ticket": {
        "key": "mystream.53ffc996dd39d5.39102367",
        "pass": "g63clVAI5wFPxY9vwVOJvw6L",
        "ip": "",
        "video": "mystream",
        "app": "myapp-sevu",
        "created_date": "2014-08-29 00:30:14",
        "used_date": "0000-00-00 00:00:00",
        "uses": "5",
        "active": "1"
    "handle_time":"0.3795 seconds"

Result Fields

code [int] - API Response Code
message [string] - Debugging message
status [string] - "success" or "failure"
key [string] - The SEVU ticket. This is the string that combined with the password provided when the ticket was created allows a user access to a protected stream. Must be included in the server URL as the "key" parameter
pass [string] - The password provided by you when you requested the ticket. Must be included in the server URL as the "pass" parameter
ip [string] - The IP address provided in the request
video [string] - The video(s) or stream(s) that this ticket is valid for
app [string] - The application(s) that this ticket is valid for
created_date [datetime] - The datetime the ticket was created
used_date [datetime] - The datetime of the first time this ticket was used by a user
uses [int] - How many uses remain for this ticket, this number is decremented each time the ticket is used
active [bool] - 1 if the ticket is still active, 0 if it has been revoked
handle_time [float] - The amount of time spent processing your request