Generate Token Using Java


To build a generator:

  1. Go to /cdn-wowza-token-tool/java/ location.
  2. Run the following:
    mvn clean install 

Upon success of the build, you will find the jar (token-auth-generator.jar) file at the 'target' folder.


java -jar token-auth-generator-1.2.jar (encrypt | decrypt) (<primary_key> | <backup_key>) "<security_parameters>"

Security Parameters


  • Number of seconds since Unix time (Epoch time)
  • UTC based
  • Must not be earlier than current time


  • Referrer domain(e.g. or path(e.g.
  • Allowed multiple referrers separated by comma (,) without space(s)
  • Wildcard (*) allowed only at the beginning of a referrer, e.g. *.DOMAIN
  • Do not append space at the start & end of a referrer
  • Domain must fulfill RFC 3490
  • Path must fulfill RFC 2396
  • Should not include port (e.g.
  • Should not include protocol (e.g. http)


  • Same rules as in ref_allow
 If both ref_allow & ref_deny are specified, ref_allow will be taking precedence over ref_deny

Allow Blank/Missing Referrer

Both "ref_allow" & "ref_deny" could be configured to allow/deny blank or missing referrer during TokenAuth validation. The following configuration allow blank or missing referrer:,,MISSING

The following configuration deny blank or missing referrer:,,MISSING

Normally ref_allow & ref_deny are not to be used together, but if this happened ref_allow will take precedence over ref_deny.

Generate Token

To generate token, run the following:

java -jar token-auth-generator-1.2.jar encrypt samplekey "expire=1598832000&ref_allow=*"

Sample Output:

After generating a token, append the result to the playback URL.

Decrypt Token

To decrypt token, run the following:

 java -jar token-auth-generator-1.2.jar decrypt samplekey 110ea31ac69c09a2db0bdd74238843631cdab498ff7e6e75cbd99cc4d05426ab679a57015d4e48438c97b921652daec62de3829f8ff437e27449cfdfc2f1e5d9fc47f14e91a51ea7

Sample Output:

security parameters=expire=1598832000&ref_allow=*