VideohatiDocs
Guides

Guide: Protect your videos

Use short-lived sessions, a referrer allowlist, and a viewer watermark to deter copying and trace leaks.

Videohati gives you three controls to keep your videos from spreading where you do not want them. Each one is an option you set when you create a playback session, so it applies per view.

Be honest with yourself about the ceiling first: no system can make downloading or screen recording impossible. What these controls do is deter casual copying and trace a leak back to a specific viewer. They raise the effort and remove the anonymity — they are a deterrent, not a lock.

Every option below is set on playback.createSession, which you always call on your server.

Short-lived sessions

A playback session is a temporary permission to watch. It expires on its own, so a shared link stops working. Set ttlSeconds to control how long a session stays valid.

const session = await client.playback.createSession({
  videoId,
  ttlSeconds: 3600, // this session is valid for one hour
});

Keep the window as short as your use fits. A shorter session means a copied link or token is useless sooner.

Lock playback to your domains

referrerAllowlist limits playback to pages served from domains you name. If someone lifts your embed and pastes it on another site, it will not play there.

const session = await client.playback.createSession({
  videoId,
  referrerAllowlist: ["example.com", "app.example.com"],
});

List every domain that should host the player, including subdomains you use.

Put the viewer on the video

A visible watermark that shows who is watching is a strong deterrent: a viewer who might share a recording thinks twice when their own name is burned into it. It also lets you trace a leaked copy back to one viewer.

  • viewerDisplayText is the text drawn on top of the video — a name, an email, an order number.
  • viewerIdFromRequest is an identifier you attach to the session for tracing. It is recorded with the session but not shown on screen, so you can tie a session back to a viewer without putting a raw identifier on the video.
const session = await client.playback.createSession({
  videoId,
  viewerDisplayText: "[email protected]", // shown over the video
  viewerIdFromRequest: "user_01H8…", // recorded for tracing, not shown
});

The player keeps the watermark visible while the video plays. Together these three controls make casual copying harder and leaks traceable — which, short of a physical lock, is the honest goal.