Skip to main contentIBM Video Streaming Developers

Hash lifetime and expiration

Once a hash is successfully validated by IBM Video Streaming, the player will store the hash in the end user’s browser. This lets the viewer resume watching the video when returning to the page without having authenticate again.

You can specify an expiration date for the hash. When the viewer returns to the page after the expiration date, they must authenticate again.

Expiration date must be

  • Specified as UNIX timestamp in seconds
  • Part of the hash by concatenating it to the rest of the parameters
  • Included in the response object as “hashExpire”.
  • JSON encoded as part of the response

Example script in PHP for specifying hash expiration date

// We specify an expiration date as a UNIX timestamp
// which is valid for one hour.
$expiration = time()+3600;
// We concatenate it to the rest of the parameters when creating the hash.
$hash = md5(implode('|', $userData).'|'.$expiration.'|'.$SHARED_SECRET_KEY);
// We include it in the response.
$response = array_chunk(

When validating the authentication response the IBM Video Streaming infrastructure checks

  • If the expiration date is past
  • If the expiration was hashed properly

This way we can make sure that the expiration date comes from you and it has not been tampered with on the client side.