Hi Folks,
We're creating an application where different classes of users have access to different videos. Consider for example a case where free users get access to 3 videos a months and paid users get access to 10 videos a month.
I read the discussion of the API about tokens and read vs write tokens, and limiting the streaming to a specific domain, but neither of these seem to solve the above problem. Seems like a good solution would be something like S3's REST authentication https://s3.amazonaws.com/doc/s3-developer-guide/RESTAuthentication.html
You can also send a signature as a URL-encoded query-string parameter in
the URL for the request. This is useful if you want to enable a third party
to access S3 on your behalf without your having to proxy the data transfer.
For example, if you want to enable a user to download your private data
directly from S3, you can insert a pre-signed URL into a web page before
giving it to your user. The canonicalized string that you sign is the same,
except that you replace the DATE field in the string with an Expires field
that indicates when you want the signature to expire. The Expires field is
given as the number of seconds since epoch time, and is also included as a
query string parameter along with your AWS Access Key ID:
This kind of solution would be ideal for us, but if you have a different way to solve this issue, we'd be happy to go that route.
