We need to upload video on app dev account on Vimeo, not on 3rd party owned account.
We need the video to be totally invisible and not searchable.
We need the video to be embeddable in some domains (this part works even with privacy.view
set as hidden
)
We need a mobile app (ios and android) to play the videos (when app+our api server authorize the user).
Field: privacy.view
. These are the allowed settings from official doc
anybody
[NO: my video cannot be public]contacts
disable
[this is equivalent to the UI setitng 'hidden from Vimeo', I cannot use this because from mobile app video will be NOT visible]nobody
password
[cannot use this because we don't want user to insert a password]unlisted
users
I cannot use some of the previous as stated in the listing. Which of the remaining settings allow an user from a mobile app to see the video but keep anyway reserved the video? Important is that video is not listed when an user open our vimeo account and must not be searchable.
Side note: I ask to community here because Vimeo's developers gave us bad infos: they told us that
disable
will allow viewwing from a mobile app
What you're attempting to do is possible.
Here are some steps to follow:
This will effectively secure all your videos at once and ensure they can't be embedded in general
This ensure that by default your videos will all belong to the domains you specify.
This is a little more tricky. Tricky because there isn't really a "domain" on a mobile app (unless it's a webview and you're serving an embedded video).
To solve this issue here is a recommendation. Each video (in its own settings) will have a list of available URLs for streaming. These URLs are precious. They do not work with the domain whitelist. Luckily they cannot be discovered unless they are made available to the public.
For streaming, you should use the HLS
video URL (video quality will adapt depending on the user's connection speed).
Essentially, your API should fetch the HLS video URL from the vimeo API and return it to your mobile application. You must understand that these URLs are not secured behind a domain whitelist. This means that if the user happens to get their hands on the URL they can effectively use the URL anywhere.
Of course, most users will be completely oblivious on how to discover the HLS url. However, you can make this process more complex so novice hackers and so forth will have trouble debugging your app to get the URLs from your API requests.
This will complicate the process for the people trying to discover the URL. However, anyone actually having the right tools can see the video player send a request with the HLS URL for the video.