
Ingest Settings

The <IngestSettings> block manages stream publishing (ingesting) to the application. It controls whether streams can be published, how they are handled on arrival, and which authorization method is used to verify incoming broadcasters.

Available in: mono, origin

Sample Configuration

IngestSettings block
<IngestSettings>
    <AllowStreamIngest>true</AllowStreamIngest>
    <AutoStreamPublish>true</AutoStreamPublish>
    <AllowStreamOverwrite>true</AllowStreamOverwrite>
    <Authorization enabled="false" />
</IngestSettings>

Parameters

| Parameter | Description | Default |
| --- | --- | --- |
| <AllowStreamIngest> | Specifies whether publishing streams to this application is allowed (e.g., via OBS or other RTMP encoders). | true |
| <AutoStreamPublish> | Determines whether a newly ingested stream is automatically set to PUBLISHED, allowing immediate playback. | true |
| <AllowStreamOverwrite> | Defines whether an existing stream can be overwritten by a new incoming stream with the same key. | true |

Authorization

The <Authorization> block controls how broadcasters are authenticated when publishing streams. Several methods are available depending on your use case.

| Parameter | Description |
| --- | --- |
| Authorization:enabled | If set to true, stream ingest authorization is required. |
| Authorization:type | Specifies the authorization method: managed, request, file, or local. |

No Authorization

<Authorization enabled="false" />

When authorization is disabled, any broadcaster can publish a stream to the application without providing credentials.

Managed Authorization

<Authorization enabled="true" type="managed" />

With managed authorization, a stream must be created in advance along with its authentication credentials. Only then can a broadcaster connect to it. This approach provides precise control over stream creation and does not require external endpoints or predefined authorization lists.

A stream with credentials can be created in two ways:

a) Via Control Panel

Navigate to the Streams section, select Create New Stream, choose the application, assign a Stream Key, set Auth Method to Credentials, and provide a Username and Password.

b) Via REST API

REST API – Create stream with credentials
POST {{base_url}}/api/streams/{{application_name}}
Request body
{
  "data": {
    "attributes": {
      "streamKey": "test",
      "type": "ingest",
      "allowPublishing": true,
      "recordStream": false,
      "source": {
        "authType": "credentials",
        "auth": {
          "username": "john",
          "password": "smith"
        }
      }
    }
  }
}

Request-based Authorization

<Authorization enabled="true" type="request">
    <RequestURL>https://acme.com/api/storm/auth/{streamKey}</RequestURL>
    <XApiKey>your-secret-x-api-key</XApiKey>
</Authorization>

This method is designed for dynamic environments with multiple external broadcasters. When a stream publishing attempt is made, Storm performs an HTTP request to the configured endpoint to obtain authentication credentials. The X-Api-Key header (configured via <XApiKey>) is included in every request.

The request URL supports the following template variables:

| Variable | Description |
| --- | --- |
| {streamKey} | Stream key of the requested stream |
| {username} | Username used for authentication |
| {ipAddress} | IP address of the incoming connection |

Example with multiple templates:

Request URL with multiple templates
<RequestURL>https://acme.com/api/storm/auth/{streamKey}/{ipAddress}</RequestURL>

Expected JSON response format:

Response format
{
  "username": "john",
  "password": "qwerty"
}

Standard HTTP response codes apply: 200 – OK, 401 – Access Denied, 404 – Not Found. Responses with a status code other than 200 are not parsed and their content is ignored.
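
An added example (not Storm's own code) of the endpoint side of this exchange, in Python: it checks the X-Api-Key header in constant time and answers with the credentials JSON and 200, or with 401/404 and an empty body. The GET method, the in-memory PUBLISHERS table and the listening address are assumptions; the page does not state which HTTP method Storm uses.

```python
import hmac
import json
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import unquote

# Constructed sample data: the key is the <XApiKey> placeholder from this page.
# In a real deployment load both from a secret store, not from source code.
EXPECTED_API_KEY = "your-secret-x-api-key"
PUBLISHERS = {"test": {"username": "john", "password": "qwerty"}}  # streamKey -> credentials
PREFIX = "/api/storm/auth/"  # path part of the sample <RequestURL>


def handle_auth_request(path, headers):
    """Return (status, body) for one credential lookup made by Storm."""
    supplied = ""
    for name, value in headers.items():
        if name.lower() == "x-api-key":  # header names are case-insensitive
            supplied = value
    # Constant-time comparison does not leak how much of the key matched.
    if not hmac.compare_digest(supplied.encode(), EXPECTED_API_KEY.encode()):
        return 401, ""
    if not path.startswith(PREFIX):
        return 404, ""
    stream_key = unquote(path[len(PREFIX):].split("?", 1)[0])
    creds = PUBLISHERS.get(stream_key)
    if creds is None:
        return 404, ""  # unknown stream key; non-200 bodies are ignored anyway
    return 200, json.dumps(creds)


class AuthHandler(BaseHTTPRequestHandler):
    def do_GET(self):  # assumption: GET; the page does not name the method
        status, body = handle_auth_request(self.path, dict(self.headers.items()))
        self.send_response(status)
        self.send_header("Content-Type", "application/json")
        self.end_headers()
        self.wfile.write(body.encode())


if __name__ == "__main__":
    # Bind to loopback here; put TLS termination in front for the https:// URL.
    HTTPServer(("127.0.0.1", 8080), AuthHandler).serve_forever()
```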

File-based Authorization

<Authorization enabled="true" type="file">
    <FileURL>/home/storm/server/config/auth_publish.xml</FileURL>
</Authorization>

This method is suited for environments with a small and stable number of broadcasters. When a publishing attempt is made, Storm compares the provided credentials against the entries in the configured file.

Required XML file structure:

auth_publish.xml
<?xml version="1.0" encoding="UTF-8" ?>
<Authorization version="1.0">
    <AuthorizationList>
        <AuthItem username="admin" password="qwerty" />
        <AuthItem username="john" password="superpass" />
    </AuthorizationList>
</Authorization>

Local Authorization

<Authorization enabled="true" type="local">
    <AuthorizationList>
        <AuthItem username="admin" password="qwerty" />
    </AuthorizationList>
</Authorization>

With this method, authentication credentials are stored directly within the application configuration. This is suited for simple setups with a small number of broadcasters. The credential list can also be managed via the REST API.

Note

Authentication credentials are stored in plain text in the preferences.xml file.

Managing credentials via REST API:

REST API – Update local credentials
POST {{base_url}}/api/applications/{{application_name}}/settings/ingest
Request body
{
  "data": {
    "attributes": {
      "authType": "local",
      "authUsers": [
        {
          "username": "admin",
          "password": "qwerty123"
        },
        {
          "username": "publisher",
          "password": "secret456"
        }
      ]
    }
  }
}

Environment Variables

All parameters support environment variables using the ${EV:VARIABLE_NAME} syntax. Fields locked by environment variables cannot be modified via the REST API.
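
An added example (not part of Storm) that audits an <IngestSettings> block for the settings this page calls out: disabled authorization, and secrets written as literals rather than as ${EV:...} references. The sample configuration, the variable name JOHN_PUBLISH_PASSWORD and the use of ${EV:...} inside the password attribute are assumptions, based on the statement that all parameters support environment variables.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample, assembled from the snippets on this page.
SAMPLE = """<IngestSettings>
    <AllowStreamIngest>true</AllowStreamIngest>
    <AllowStreamOverwrite>true</AllowStreamOverwrite>
    <Authorization enabled="true" type="local">
        <AuthorizationList>
            <AuthItem username="admin" password="qwerty" />
            <AuthItem username="john" password="${EV:JOHN_PUBLISH_PASSWORD}" />
        </AuthorizationList>
    </Authorization>
</IngestSettings>"""

# A value that is entirely one ${EV:NAME} reference.
EV_REF = re.compile(r"^\$\{EV:[A-Za-z_][A-Za-z0-9_]*\}$")


def is_true(root, tag):
    # Missing elements fall back to the documented default, which is true.
    return (root.findtext(tag) or "true").strip().lower() == "true"


def audit_ingest_settings(xml_text):
    """Return a list of findings for one <IngestSettings> block."""
    root = ET.fromstring(xml_text)
    findings = []
    auth = root.find("Authorization")
    enabled = auth is not None and auth.get("enabled", "").strip().lower() == "true"
    if is_true(root, "AllowStreamIngest") and not enabled:
        findings.append("ingest allowed without authorization")
        if is_true(root, "AllowStreamOverwrite"):
            findings.append("unauthenticated publishers can overwrite existing streams")
    if auth is None:
        return findings
    for item in auth.iter("AuthItem"):
        if not EV_REF.match(item.get("password", "")):
            findings.append(f"literal password for user {item.get('username')!r}")
    key = auth.findtext("XApiKey")
    if key is not None and not EV_REF.match(key.strip()):
        findings.append("literal XApiKey")
    return findings


if __name__ == "__main__":
    for finding in audit_ingest_settings(SAMPLE):
        print(finding)
```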

©2026 Storm Streaming Media. All Rights Reserved.