Operators can now issue per-session, time-limited tokens that scope playback to one viewer and revoke access on demand.

LOS ANGELES — June 11, 2026 — Qencode, a cloud video infrastructure platform, today announced Authenticated Playback, a signed-token system that gives video platforms control over who can access live stream content and for how long.

Why it matters

HLS playback URLs are static by default, making leaked links difficult to control once they are shared. For platforms running paid live events, that can mean lost revenue, unauthorized viewing, and compliance risk. Authenticated Playback gives operators a more precise alternative by limiting playback to authorized sessions, helping platforms protect event revenue, reduce unauthorized sharing, and maintain stronger control over distribution.

How it works

Each viewer session gets its own signed token. The operator’s backend generates the token, the player attaches it to the playback URL, and the Qencode CDN checks it on every playlist request.

To set this up, operators register a signing key tied to a specific stream and keep the private key on their backend. From there, they generate a unique token per viewer session with whatever access rules apply: short expiration windows for subscriptions, future-dated activation times for ticketed premieres, or no expiration at all for internal use. Deleting the signing key invalidates every token signed with it immediately.

Built for paid live content

This release targets platforms running live content with real access requirements: sports, pay-per-view events, enterprise webcasts, subscriber-only streams. Qencode signs and verifies.

Availability

Signed JWT authentication for live stream playback is generally available to all Qencode customers now. The full integration guide is published at the Authenticated Playback tutorial.