Working with Anonymous Cookies

How to use anonymous CloudFront cookies to provide public access to secure content without full authentication.

Nomad Media supports anonymous access to secure CloudFront cookies. This is used when library content is public, but CloudFront cookies are still required to access it — providing an extra security layer that discourages users from sharing raw CDN URLs, without requiring a full authentication flow.

Request

The cookie endpoint is part of the Media API and does not require authentication when anonymous access is enabled:

GET {portalApiUrl}/api/media/set-cookies/{id}
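
JavaScript:

// Request the CloudFront cookies for a content type.
// authToken is optional: the endpoint does not require authentication
// when anonymous access is enabled.
async function getCookies(authToken) {
    const headers = new Headers();
    headers.append("Content-Type", "application/json");
    if (authToken) {
        headers.append("Authorization", `Bearer ${authToken}`);
    }

    // Replace {portalApiUrl} and {id} with the portal API URL and the ContentDefinition ID.
    const response = await fetch(`{portalApiUrl}/api/media/set-cookies/{id}`, {
        method: "GET",
        headers: headers
    });

    if (response.ok) {
        return await response.json();
    }

    return undefined;
}

Python:

import json

import requests

def get_cookies(AUTH_TOKEN: str = "") -> dict:
    # AUTH_TOKEN is optional: the endpoint does not require authentication
    # when anonymous access is enabled.

    # Replace {portalApiUrl} and {id} with the portal API URL and the ContentDefinition ID.
    API_URL = "{portalApiUrl}/api/media/set-cookies/{id}"

    HEADERS = {
        "Content-Type": "application/json"
    }
    if AUTH_TOKEN:
        HEADERS["Authorization"] = "Bearer " + AUTH_TOKEN

    try:
        RESPONSE = requests.get(API_URL, headers=HEADERS, timeout=30)

        if RESPONSE.status_code != 200:
            raise Exception("Response returned " + str(RESPONSE.status_code))

        return json.loads(RESPONSE.text)
    except Exception as error:
        # Keep the original error as the cause so the failure reason is not lost.
        raise Exception("Get cookies failed") from error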

The {id} Parameter

The {id} in the URL is the ContentDefinition ID for the content type:

Type             ContentDefinition ID
Live Channels    bf8ac754-5b8b-4330-b1aa-76f15fb7f673
Assets           3ff29f61-bd0b-4c17-b855-49db5a292aeb

Response behavior:

  • For Live Channels: returns 3 CloudFront cookies.
  • For Assets: returns either 3 cookies (standard) or 6 cookies (if both secured and restricted content are enabled).

Performance tip: Cache the cookie response. The cookies grant access to all live streams or all assets in the system and are valid for the entire cookie duration (typically 4–6 hours). They only need to be retrieved once per user session.
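
The caching advice above, as an added example (not Nomad Media's own code): an in-memory cache keyed by ContentDefinition ID that makes one request per content type and refetches shortly before the cookie duration ends. The CookieCache class, its fetch callback and the five-minute refresh margin are assumptions, and the response is treated as an opaque value because its shape is not shown on this page.

```python
import time
from typing import Callable, Dict, Optional, Tuple

# ContentDefinition IDs from the table above.
LIVE_CHANNELS_ID = "bf8ac754-5b8b-4330-b1aa-76f15fb7f673"
ASSETS_ID = "3ff29f61-bd0b-4c17-b855-49db5a292aeb"


class CookieCache:
    """Per-session, in-memory cache of set-cookies responses (hypothetical helper)."""

    def __init__(self, fetch: Callable[[str], dict],
                 expiration_hours: Optional[Dict[str, float]] = None,
                 refresh_margin_s: float = 300.0,
                 clock: Callable[[], float] = time.monotonic):
        self._fetch = fetch                    # e.g. a wrapper around the set-cookies request
        self._hours = expiration_hours or {}   # per-ID cookie duration from the system config
        self._margin = refresh_margin_s        # assumed safety margin before expiry
        self._clock = clock
        self._entries: Dict[str, Tuple[float, dict]] = {}

    def get(self, content_definition_id: str) -> dict:
        now = self._clock()
        entry = self._entries.get(content_definition_id)
        if entry is not None and now < entry[0]:
            return entry[1]                    # still valid: no request is made
        # A failed fetch raises here, so an error is never cached.
        cookies = self._fetch(content_definition_id)
        hours = self._hours.get(content_definition_id, 4)  # 4 is the documented default
        ttl = max(hours * 3600 - self._margin, 0)
        self._entries[content_definition_id] = (now + ttl, cookies)
        return cookies

    def clear(self) -> None:
        """Forget all cached cookies, for example when the user session ends."""
        self._entries.clear()


if __name__ == "__main__":
    def constructed_fetch(content_definition_id: str) -> dict:
        # Constructed stand-in for the real request; the response shape is not from the page.
        print("fetching cookies for", content_definition_id)
        return {"constructed": True, "id": content_definition_id}

    cache = CookieCache(constructed_fetch, {LIVE_CHANNELS_ID: 4, ASSETS_ID: 4})
    cache.get(ASSETS_ID)         # one request
    cache.get(ASSETS_ID)         # served from the cache
    cache.get(LIVE_CHANNELS_ID)  # separate cookies, separate entry
```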

For more detail on using the cookies for secure video playback, see the Secure Video documentation.

Enabling Anonymous Access

Anonymous access is disabled by default. To enable it, add the following to the nomadApplication section of the system configuration:

"application/nomadSettings": {
    "enableAnonymousSecureAssets": true,
    "enableAnonymousSecureLiveStreams": true,
    "liveChannelSecureCookieExpirationHours": 4,
    "AssetSecureCookieExpirationHours": 4
}

Setting                                   Description
enableAnonymousSecureAssets               Enables anonymous cookie access for assets.
enableAnonymousSecureLiveStreams          Enables anonymous cookie access for live streams.
liveChannelSecureCookieExpirationHours    Cookie expiration in hours for live stream cookies (default: 4).
AssetSecureCookieExpirationHours          Cookie expiration in hours for asset cookies (default: 4).