CODEWITHSUNDEEP
vimeovimeo-apivimeo-playeroembed
r_honey
r_honey

Reputation: 893

Embedding Vimeo password protected vidoes on a white-listed domain

I know this question has been asked before:

Vimeo - Sending password via javascript api

Show password protected Vimeo video without password

How to embed a password protected video by sending password through vimeo GET API 3 c#

But an year or more has passed since each question was asked and we are hoping Vimeo might have improved things/API as multiple users seem to be having the same requirement.

We are evaluating Vimeo for a client's video hosting needs and everything seems perfect and in-place. We will be doing custom integration and hence would be using their API as well as Player SDK to embed Vimeo videos into our portal.

However there's only one missing link we are trying to figure out: Vimeo allows a video to be unlisted from vimeo.com and only shown in whitelisted domains; which is perfect. We would be using this feature.

However Vimeo further allows videos to be password protected. But when playing via the Player SDK, Vimeo always prompts the user for password which basically defeats the whole purpose of password protection. We have paid content videos and if we share password with one user; there's nothing preventing the user from distributing the password further.

The answers provided on questions above suggest making the videos private and show only on whitelisted domains. But won't the same be subject to header spoofing attacks?

I would have assumed Vimeo's oEmbed API would have enabled us to sending the password for the video from our server and then vimeo returns a one-time playback link for the video which we could have rendered on the web using the Vimeo's Player SDK. Thus providing even better protection for paid content/commercial videos.

However I see no such option being mentioned in the Player SDK/oEmbed API docs.

So is anyone aware of an option where a Vimeo password-protected video can be embedded on the page of a whitelisted domain and the password transparently shared with Vimeo by our server so the user does not need to input the password in the video itself?

Upvotes: 0

Views: 1307

Answers (1)

Dheeraj Singh
Dheeraj Singh

Reputation: 109

The answer to below would give you a clear picture :

I would have assumed Vimeo's oEmbed API ...

Once you have whitelisted the domain or an Ip address, that computer or server is allowed to access resources, below request is taking your IP or domain to Vimeo, checking as per whitelist rule and return the required JSON that has everything most important is html that has a secured URL

 https://vimeo.com/api/oembed.json?url=https://vimeo.com/videso/45215485

this is barrier based, would return you below JSON:

{
  "type": "video",
  "version": "1.0",
  "provider_name": "Vimeo",
  "provider_url": "https://vimeo.com/",
  "title": "ReflectionVOID",
  "author_name": "Page Films",
  "author_url": "https://vimeo.com/pagefilms",
  "is_plus": "1",
  "html": "<iframe src=\"https://player.vimeo.com/video/204420014\" width=\"640\" height=\"272\" frameborder=\"0\" title=\"ReflectionVOID\" webkitallowfullscreen mozallowfullscreen allowfullscreen></iframe>",
  "width": 640,
  "height": 272,
  "duration": 345,
  "description": "",
  "thumbnail_url": "https://i.vimeocdn.com/video/621081707_640.jpg",
  "thumbnail_width": 640,
  "thumbnail_height": 272,
  "thumbnail_url_with_play_button": "https://i.vimeocdn.com/filter/overlay?src0=https%3A%2F%2Fi.vimeocdn.com%2Fvideo%2F621081707_640.jpg&src1=http%3A%2F%2Ff.vimeocdn.com%2Fp%2Fimages%2Fcrawler_play.png",
  "upload_date": "2017-02-16 15:03:43",
  "video_id": 204420014,
  "uri": "/videos/204420014"
}

That's what I just have concluded.

Upvotes: 2

Related Questions