To fortify the security of your delivery chain, configuring custom headers at strategic points is a straightforward mechanism to restrict access and control interactions between components. Below are two key configurations:

On the content origin

Configuring a custom header in the origin server effectively restricts access to it exclusively to the broadpeak.io platform, preventing unauthorized entities from directly accessing your source content.

To get broadpeak.ioto use one or multiple custom headers, add them in the options on the relevant Source.

With the APIs, you can set headers through the origin.customHeaders property (or adOrigin.customHeaders for restrictions on the origin for ad creatives).

📘

IP Whitelisting

For increased access restriction, we recommend that you also configure your origin to only accept requests from broadpeak.ioIP addresses. See Platform Access for details.

On the service

This measure restricts access to the broadpeak.io service from your own players or client applications, ensuring that only authorized players can request your content.

To add a custom header on a service, configure it in the service options, under "Authorization header"

With the APIs, the feature is configured through the advancedOptions.authorizationHeader property.

❗️

Always use HTTPS

To achieve a robust and secure delivery chain, it is essential that you also ensure that all communications between the CDN, broadpeak.io, the origin server, and clients are encrypted using TLS.