Generate Token Using .NET


On this page:


To build a generator:

  1. Go to /cdn-wowza-token-tool/dotnet/src location
  2. Run xbuild

Upon success of the build, you will find the .exe (TokenAuthGenerator.exe) file at the 'TokenAuthGenerator/bin/Debug' folder.


TokenAuthGenerator.exe (encrypt | decrypt) (<primary_key> | <backup_key>) "<security_parameters>"

Security Parameters


  • Number of seconds since Unix time(Epoch time)
  • UTC based
  • Must not be earlier than current time


  • Referrer domain (e.g. or path (e.g.
  • Allow multiple referrers separated by comma (,) without space(s)
  • Wildcard (*) allowed only at the beginning of a referrer, e.g. *.DOMAIN
  • Do not append space at the start & end of a referrer
  • Domain must fulfill RFC 3490
  • Path must fulfill RFC 2396
  • Should not include port (e.g.
  • Should not include protocol(e.g. http) portion


  • The same rules as for ref_allow
If both ref_allow & ref_deny are specified, ref_allow will be taking precedence over ref_deny

Allow blank/missing referrer

Both "ref_allow" & "ref_deny" could be configured to allow/deny blank or missing referrer during TokenAuth validation.

The following configuration allows blank or missing referrer:,,MISSING

The following configuration deny blank or missing referrer:,, MISSING
Normally ref_allow & ref_deny should not be used together, but if this happened ref_allow will take precedence over ref_deny.

Generate Token

To generate token, run the following:

TokenAuthGenerator.exe encrypt samplekey "expire=1598832000&ref_allow=*"

Sample Output:


After generating a token, append the result to the playback URL.

Decrypt token

To decrypt a token, run the following:

TokenAuthGenerator.exe decrypt samplekey 110ea31ac69c09a2db0bdd74238843631cdab498ff7e6e75cbd99cc4d05426ab679a57015d4e48438c97b921652daec62de3829f8ff437e27449cfdfc2f1e5d9fc47f14e91a51ea7 

Output example:

security parameters=expire=1598832000&ref_allow=*