BuyDRM
Using CPIX
Buy DRM provides a CPIX API accessible over HTTP. The request is using a CPIX document, the response contains the requested keys.
The method described in this section generates a CPIX version 2.3 document.
An example API call:
#!/bin/bash
token=YOUR_TOKEN
curl -v \
-X POST \
--header "Content-Type: text/xml; charset=utf-8" \
--header "SOAPAction: http://tempuri.org/ISmoothPackager/RequestEncryptionInfo" \
"https://cpix.keyos.com/api/v4/getKeysNoEncryption?auth-token=${token}" \
-d @widevine.cpix \
> widevine-response.cpix
The token is a JSON Web Token (JWT) generated following the instructions in
the BuyDRM documentation. To generate it you will need our x509 certificate:
x509-public_cert.pem.
The example request document, widevine-request.cpix in above example looks
like the following:
<?xml version="1.0"?>
<cpix:CPIX xmlns:cpix="urn:dashif:org:cpix" xmlns:pskc="urn:ietf:params:xml:ns:keyprov:pskc" id="test_ch1">
<cpix:ContentKeyList>
<cpix:ContentKey kid="af1ed63c-5784-460b-9e51-309dd47b7d9c"/>
</cpix:ContentKeyList>
<cpix:DRMSystemList>
<cpix:DRMSystem systemId="edef8ba9-79d6-4ace-a3c8-27dcd51d21ed" kid="af1ed63c-5784-460b-9e51-309dd47b7d9c"/>
</cpix:DRMSystemList>
</cpix:CPIX>
The example response document, widevine-response.cpix in above example looks
like the following:
<?xml version="1.0" encoding="utf-8"?>
<cpix:CPIX
xmlns:cpix="urn:dashif:org:cpix"
xmlns:pskc="urn:ietf:params:xml:ns:keyprov:pskc"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
xmlns:enc="http://www.w3.org/2001/04/xmlenc#" id="test_ch1">
<cpix:ContentKeyList>
<cpix:ContentKey kid="af1ed63c-5784-460b-9e51-309dd47b7d9c" explicitIV="rx7WPFeERgueUTCd1Ht9nA==">
<cpix:Data>
<pskc:Secret>
<pskc:PlainValue>ACTUAL_KEY_EDITED_OUT</pskc:PlainValue>
</pskc:Secret>
</cpix:Data>
</cpix:ContentKey>
</cpix:ContentKeyList>
<cpix:DRMSystemList>
<cpix:DRMSystem systemId="edef8ba9-79d6-4ace-a3c8-27dcd51d21ed" kid="af1ed63c-5784-460b-9e51-309dd47b7d9c">
<cpix:PSSH>AAAAV3Bzc2gAAAAA7e+LqXnWSs6jyCfc1R0h7QAAADcSEK8e1jxXhEYLnlEwndR7fZwaC2J1eWRybWtleW9zIhCvHtY8V4RGC55RMJ3Ue32cSOPclZsG</cpix:PSSH>
<cpix:ContentProtectionData>PGNlbmM6cHNzaCB4bWxuczpjZW5jPSJ1cm46bXBlZzpjZW5jOjIwMTMiPkFBQUFWM0J6YzJnQUFBQUE3ZStMcVhuV1NzNmp5Q2ZjMVIwaDdRQUFBRGNTRUs4ZTFqeFhoRVlMbmxFd25kUjdmWndhQzJKMWVXUnliV3RsZVc5ekloQ3ZIdFk4VjRSR0M1NVJNSjNVZTMyY1NPUGNsWnNHPC9jZW5jOnBzc2g+</cpix:ContentProtectionData>
<cpix:HLSSignalingData playlist="master">I0VYVC1YLVNFU1NJT04tS0VZOk1FVEhPRD1TQU1QTEUtQUVTLUNUUixVUkk9ImRhdGE6dGV4dC9wbGFpbjtiYXNlNjQsQUFBQVYzQnpjMmdBQUFBQTdlK0xxWG5XU3M2anlDZmMxUjBoN1FBQUFEY1NFSzhlMWp4WGhFWUxubEV3bmRSN2Zad2FDMkoxZVdSeWJXdGxlVzl6SWhDdkh0WThWNFJHQzU1Uk1KM1VlMzJjU09QY2xac0ciLEtFWUlEPTB4QUYxRUQ2M0M1Nzg0NDYwQjlFNTEzMDlERDQ3QjdEOUMsS0VZRk9STUFUPSJ1cm46dXVpZDplZGVmOGJhOS03OWQ2LTRhY2UtYTNjOC0yN2RjZDUxZDIxZWQiLEtFWUZPUk1BVFZFUlNJT05TPSIxIg==</cpix:HLSSignalingData>
<cpix:HLSSignalingData playlist="media">I0VYVC1YLUtFWTpNRVRIT0Q9U0FNUExFLUFFUy1DVFIsVVJJPSJkYXRhOnRleHQvcGxhaW47YmFzZTY0LEFBQUFWM0J6YzJnQUFBQUE3ZStMcVhuV1NzNmp5Q2ZjMVIwaDdRQUFBRGNTRUs4ZTFqeFhoRVlMbmxFd25kUjdmWndhQzJKMWVXUnliV3RsZVc5ekloQ3ZIdFk4VjRSR0M1NVJNSjNVZTMyY1NPUGNsWnNHIixLRVlJRD0weEFGMUVENjNDNTc4NDQ2MEI5RTUxMzA5REQ0N0I3RDlDLEtFWUZPUk1BVD0idXJuOnV1aWQ6ZWRlZjhiYTktNzlkNi00YWNlLWEzYzgtMjdkY2Q1MWQyMWVkIixLRVlGT1JNQVRWRVJTSU9OUz0iMSI=</cpix:HLSSignalingData>
</cpix:DRMSystem>
</cpix:DRMSystemList>
</cpix:CPIX>
Similar calls can be made for for instance Playready or Fairplay by changing the
systemId value in the request document, see the DASH-IF DRM system IDs overview
for a list existing IDs.
Multiple DRms can be requested as well, for instance three different DRM keys
(Fairplay, PlayReady and Widevine) by having multiple <cpix:DRMSystem
systemId= lines in the request document.
The resulting CPIX document then can be used as outlined in Content Protection Information eXchange (CPIX), for instance:
#!/bin/bash
mp4split -o widevine.ism \
--mpd.cpix=widevine-response.cpix \
test.mp4
Note
The previously listed KeyOS Encryption Key API has been decommissioned as
of March 1, 2025.