Skip to main content
With JWT access control, you mark a stream or asset as gated. Viewers must send a JWT signed with a Studio signing key. You issue JWTs from your backend after validating the user.

1. Create a signing key

In the dashboard or via the Signing Key API, create a signing key. Store the private key in your backend (env) and use the public key in Studio for verification.

2. Create gated content

Set playbackPolicy.type to "jwt" when creating the stream or asset: 
await livepeer.stream.create({ name: "Gated", playbackPolicy: { type: "jwt" } });
await livepeer.asset.create({ name: "Gated", playbackPolicy: { type: "jwt" } });

3. Sign and return a JWT from your API

In a backend route (e.g. /api/sign-jwt), validate the user, then sign a JWT with the private key. Include playbackId, expiration, and any custom claims. Return the token to the client. Use @livepeer/core/crypto signAccessJwt or any JWT library with the same claims Livepeer expects (see Livepeer Studio docs).

4. Pass the JWT to the Player

<Player.Root src={src} jwt={jwt}>
  <Player.Container><Player.Video /></Player.Container>
</Player.Root>
Custom player: Send the JWT in the Livepeer-Jwt header for WebRTC/HLS, or as query param jwt on the playback URL.
Last modified on February 23, 2026