PLATFORM Edition allowlisting and denylisting

This documentation article only applies to PLATFORM Edition customers

Updating of denylisting or allowlisting can take up to 1 hour to become available in production - emptying your browser history/cache may reveal changes faster

Introduction

With your PLATFORM edition license key you can embed Radiant Media Player on any domain or application. You pay based on your monthly player start usage. This approach is convenient but you may want to control your traffic and apply restrictions (by default no restriction is applied).

Radiant Media Player provides JSON-based domain and app allowlisting and denylisting to help you with that:

• Domain denylisting: domains listed on your denylist will not display the player (as such player starts will not be counted for those denylisted domains)
• Domain allowlisting: only domains on your allowlist will display the player (as such player starts will only be counted for those allowlisted domains)
• App Allowlisting: only apps that names have been registered in our back-end will be allowed to display the player (if no "appAllowlist" is defined then the player will work on all apps - it is therefore recommended to define "appAllowlist")

Domain allowlisting and denylisting

For Internet domains you can chose between denylisting or allowlisting but you cannot opt for both as they are mutually exclusive.

Denylisted or allowlisted domains for your account can be submitted in well-formed JSON format in our back-end (in the PLATFORM > Denylisting & Allowlisting tab) or passed to the player with customAllowDenyListUrl setting. Here is an example of well-formed denylist JSON file:

{
  "denylist": [
    "site1.com",
    "site2.net",
    "site3.info"
  ]
}

The above denylist will effectively prevent the player from being used on domains site1.com, site2.net and site3.info with your PLATFORM edition license key, but can be used on any other domains.

Here is an example of well-formed allowlist JSON file:

{
  "allowlist": [
    "site1.com",
    "site2.net",
    "site3.info"
  ]
}

The above allowlist will allow the player to be used on domains site1.com, site2.net and site3.info with your PLATFORM edition license key, all other domains will not display the player.

App allowlisting

By default you can use your PLATFORM Edition license key on any app requiring the FILE protocol (most mobile & OTT apps). However you may want and it is recommended to lock usage of your PLATFORM Edition license key to a limited number of apps.

Similarly to allowlisting domains for usage on web sites you can allowlist mobile/OTT apps. This is a 2-steps process:

Add allowlisting information in our back-end or with player setting

First you need to tell us what is the name of your app(s) you want to allowlist. This is done in our back-end in the PLATFORM > Denylisting & Allowlisting tab. You need to add a "appAllowlist" entry in your JSON file that lists your authorised app names and upload this file in our back-end. Alternatively you may use the customAllowDenyListUrl setting to host the JSON file on your server (for automated updating of that file). Example:

{
  "allowlist": [
    "site1.com",
    "site2.net",
    "site3.info"
  ],
  "appAllowlist": [
    "mySuperApp",
    "myOtherCoolApp"
  ]
}

Note that the "appAllowlist" array comes in supplement to the "allowlist" array - if you are not using the player on web sites and only need "appAllowlist", then add "allowlist" as an empty array. Your app name could be anything, but as a rule of thumb try to keep it simple, descriptive and avoid spaces or special characters.

Pass allowlist data to the player

In order to verify the validity of an app name uploaded to our back-end the player must be able to identify the app name within the app. This is done by using a custom attribute data-rwlan on the player container:

<div id="rmp" data-rwlan="bXlTdXBlckFwcA=="></div>

The custom attribute data-rwlan value will be recognised by the player and compared to "appAllowlist" data held in our back-end to authorise (or not) the player to function within your app. The data-rwlan value must be a string containing the Base64 representation of your app name (as specified in "appAllowlist"). With JavaScript this can be done with the btoa method. In the example above bXlTdXBlckFwcA== is the string Base64 representation of app name: mySuperApp.

App allowlisting considerations

App allowlisting will only come into force when the FILE protocol is in use. Where the HTTP protocol is used, the player will rely on domain allowlisting or denylisting. Even if you only use the player in a mobile app we recommend to always set allowlist (or denylist) and appAllowlist in your JSON file.

If "appAllowlist" is available in your JSON-file but the player container does not have a data-rwlan attribute or if the data-rwlan value does not match an app name registered in our back-end for your license key, the player will not work.

Externally hosted custom allow and deny lists

You may also use player setting customAllowDenyListUrl to host the list JSON file on your server, example:

customAllowDenyListUrl: 'https://www.radiantmediatechs.com/test-new.json'

With this setting the player will not use data stored in our back-end but will use the data located at customAllowDenyListUrl. You can use this setting for automated updates to the list file on your servers.