We offer customization solutions and support ([email protected]) | Visit us on bitbyte3 for complete VOD solutions with apps.
NixStream
Guides

Sharing & Embeds

Share links, password protection, and embed codes

Share links and embed codes let you publish videos outside the admin panel. You still control who can watch.

Create shareable links from the admin panel or Client API. Links support:

  • Public: anyone with the URL can watch
  • Password: viewer enters a password before playback
  • Expiration: optional expiry in days (1 to 365)

Admin panel

  1. Open a video, live stream, or collection
  2. Click Share
  3. Choose visibility (public or password)
  4. Set optional expiry
  5. Copy the link or send via email

Via Client API

curl -X POST "https://your-domain.com/api/client/v1/shareable-links" \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "media_id": "video-uuid",
    "media_type": "vod",
    "visibility": "password",
    "password": "secret123",
    "expires_in_days": 30
  }'

media_type accepts: vod, live, collection.

Response includes a token and full share URL. See Shareable Links API.

Public routes

RoutePurpose
/share/{token}Share page with player
/embed/{type}/{id}Embed player iframe target
/api/share/{token}/statusLink status check
/api/share/{token}/accessPassword verification

Share pages use the branded NixStream player with adaptive streaming.

When visibility is password, viewers see a password form before playback. Passwords are verified server-side; the token alone is not enough to access content.

curl -X POST "https://your-domain.com/api/share/{token}/access" \
  -H "Content-Type: application/json" \
  -d '{"password": "secret123"}'

Expiration

Expired links return an error on the share page and via the status API. Create a new link if you need to extend access.

Email sharing

Send share links by email from the admin panel: Share > Send email. You need SMTP set up in Settings > General.

MAIL_MAILER=smtp
MAIL_HOST=smtp.example.com
MAIL_PORT=587
MAIL_USERNAME=your_user
MAIL_PASSWORD=your_password
MAIL_FROM_ADDRESS[email protected]

Signed URLs

Videos in password-protected collections can use signed URL access for direct manifest requests:

POST /api/share/video/access/{token}/{video_id}

Signed URLs expire after a short window to prevent hotlinking.

Embed codes

Copy embed code from the video detail page. Embeds use the custom Shaka-based player and respect security profiles (domain restrictions).

Basic iframe embed

<iframe
  src="https://your-domain.com/embed/vod/{video-id}"
  width="640"
  height="360"
  frameborder="0"
  allowfullscreen
></iframe>

Responsive embed

Wrap the iframe in a container with padding-top: 56.25% (16:9) for responsive layouts.

Security profiles

Security profiles restrict embed and share playback by:

  • Allowed domains (referrer check)
  • Geo rules (country allow/block lists)
  • Signed Edge delivery (HLS + DASH) with AES-128 at rest

Assign a profile in Settings > Security and attach it to collections or individual videos.

Collection shares

Sharing a collection exposes all videos in that folder (and optionally sub-folders, depending on config). Works well for client portals and course libraries.

Troubleshooting

Embed shows blank player: check the domain allowlist in the security profile.

Password loop: make sure cookies aren't blocked. APP_URL must use HTTPS in production.

CORS errors: FRONTEND_URL should match your public domain.

Embed behavior and security profiles: Player, Security. API fields: Shareable Links API.

On this page