ExpressPlay offers an optional secure online storage service for your content keys at no additional charge. The ExpressPlay Key Storage Service uses the Simple Key Management (SKM) API, a simple REST API that allows you to push/pull content keys to/from ExpressPlay. You can learn more about this open API for key management in the SKM API documentation. The documentation is not specific to the ExpressPlay service, so the url patterns are missing the base url. In the case of ExpressPlay, the url base should be as follows.
- Production URL Base: https://api.service.expressplay.com/keystore
- Test URL Base: https://api.test.expressplay.com/keystore
IMPORTANT NOTE: ExpressPlay requires that each SKM API request include a “customerAuthenticator” query parameter using your production or test customer authenticator value.
Content Key Flow
Here you can see how the content is encrypted and remains protected through playback on device. The storefront requests tokens from ExpressPlay using the content key, then passes down the token to the player device or app which uses the SDK to process the token for secure playback.
Using Key Storage
In this scenario, content keys are stored by ExpressPlay in encrypted form. The content keys may be generated by a 3rd party provisioning service, then pushed to ExpressPlay using the open SKeyMa API, a REST-style interface for pushing and pulling keys. When content is packaged/encrypted, the packing tools (or hardware encoder) pull the key for each piece of content using SKeyMa. The storefront can request tokens using a content ID instead of a content key, as ExpressPlay already has the content key.