Are you looking to create closed in video system where you can do everything and no one else can do anything unless you allow them?
With Ziggeo that is quite easy to do actually.
There are several things that are of interest and help us depending on which setup we want to utilize:
- We can specify which domains (and even subdomains) can use your application token
- we can allow which domains can use iFrame or oEmbed to show player or to show recorder
- we can set what permissions someone has, such as create, edit/update, read and delete, as well as more
- and we can use authorization tokens
Most of these settings are in your Manage section of your application. What this means is that you can set all of those cool features for each of the applications that you have, allowing you to easily create a secure setup that works for you for each client, or each domain that you have easily.
Authorization tokens are under their own section, and we will go over all of the points above, in order to guide you in how to create a very secure and private system, yet with much ease.
First, lets limit the tokens to be limited to your own website(s) only.
Why would you do that and why is it not done by default?
By default we allow any website to make a call to our service with a prerequisite that it specifies correct application token and video token. This is definitely the easiest way to set things up and it requires someone to know our system and your application token and video token to play back your video on their website.
If this was to happen for you by some chance (in our experience people just seem to prefer to prevent it rather than it actually happening first) you can quickly stop it using the Mange > Allowed Domains.
Once there, we would first remove the * (asterisk) as it is a wildcard that allows every website.
If you refresh the page on your website now, you will see the video that played just a moment ago not playing any longer.
Now, lets go back to the Ziggeo dashboard so that we can allow it. This is easy as we add our website domain and save it, after which refreshing the page on your website will again show us the video that we can play back.
Many people have public development domains, production, client area, help and alike. In such cases there are 2 different ways you can accomplish setting up the allowed domains:
- you can add each subdomain that you are using
- you can use wildcard.
Lets say that your website is example.com and that you also have dev.example.com, help.example.com and clients.example.com and all of them are going to use Ziggeo.
The first approach (adding all of them) would mean that you add into your allowed domains the following:
Doing it this way means that you will need to make changes in your dashboard if you were to (for example) redirect your clients from clients.example.com to dashboard.example.com at some point.
Using the wildcard you could set it up as following:
If you were to change any of the subdomains that would not make any difference for your domains authorizations, as they would already be covered by the wildcard (well as long as the domain and TLD is the same).
Done! - Yup it was that easy to set up which domains are allowed and which are not.
Of course using the same, you could easily allow your localhost, your own website and the public website where your developers are working on the implementation for you. If you wanted, you could add any number of websites that you need.
Iframe and oEmbed Authorizations
If you do want to allow people to use your embeddings on their website, however want to easily manage if that would be video playback or recorder and what code, that is more than simple with Ziggeo just as well :)
Go to Manage > Iframe and oEmbed setups and you will see that it is just few clicks to allow specific website to be allowed to show your recorder, player or both. The recorder code is created for you and can be seen above the same options (under "Recorder Embed" segment), while for the player, you can find embedding codes under each Video preview (in Videos section).
Done! - Yup, again a simple and yet quite efficient way for you to utilize your Ziggeo application settings to quickly set the privacy of your videos to the level you like.
Authorization settings and tokens
Now onto the authorization settings. This section does require most of work, however unlike the ones above, it allows us to set it all up on embedding code level. This means that we can use different setups for each embedding if that is what we want, and while it would take a bit more to set up, it is what many call perfection - everything works as you want it and yet you go and you make it even better!
The settings that we can utilize in this section (Manage > Authorization Settings) allow us to specify settings about:
- video creation
- video edits/updates
- video playback
- video removal
- if videos can be played back without moderation
- if videos can be deleted automatically by our system
Now the first 4 settings are used in combination with authorization tokens, so we will come back to them and quickly go over the rest first.
If you are showing videos that are uploaded (always) by people that you trust such as your company employees, or if your videos are uploaded by your clients or community and only shown to your employees, then you might want to show them even if they are not moderated. In most cases however videos should likely be moderated.
By checking that option, our system will make sure that the only videos that can be played back are the ones that are approved through the Moderation page of your account.
- If you want to use code to approve videos, that is possible as well by using our API calls. It requires update video privilege so if you require those calls to be made with authorization tokens, that is possible as well. To see more about this head to our JS API page.
The last option on the list above was about automatically removing videos. We never remove the videos from your account, however you might want to have that happen for different reasons and after some specific timeframe. As such we have added the parameter that allows you to specify when the same can be deleted.
To make the embedding parameter work, the authorization settings must allow it, making sure that even if someone was to specify the removal, it would not work unless you have considered this first (when our system removes the video it does not require auth token).
We have covered a great deal and we are just starting on authorization settings, how nice it is that while there was some text to read, the setup was almost just few clicks! :)
When any action (creating, updating, reading or removing video) is taken and it requires auth tokens, you will see forbidden error unless correct auth token is provided.
We made our system smart in this context so that you can literally specify resource and action and a bit more than that. We suggest checking out the following section to see more: Authorization Tokens Docs.
With this setup you can quickly and easily set up per video, permanent, or temporary authorization tokens which follow your workflow, allowing you to authorize your managers to delete the video, your support to update the same and your customers to just preview their own videos, or possibly to allow them to update videos, only immediately after recording it.
By default we just set the requirement for authorization tokens on the removal of the videos, while all other actions are allowed and as such depend on your own embedding setup.
How easy was that? :)
Hope you liked this introduction into these cool security and privacy setups you have available with Ziggeo. If you want to know more or would like to see more details on something, just let us know in the comments bellow or by contacting us.
Please sign in to leave a comment.