API Specification
Decryption API
Technical reference for KhelaDekho proxy aggregation, cryptographic key signatures, and AES-GCM stream decryption pipelines.
Port 8000: FastAPI Backend (local server runner)
Edge Worker: Cloudflare Edge (serverless V8 routes)
HMAC-SHA256: Cryptographic (anti-hotlink check)
AES-GCM: Stream Decoding (A256GCM v2 parser)
Cryptographic Authentication
HMAC-SHA256 Verification
To prevent stream theft and unauthorized proxy access, the stream extraction endpoint is protected with token signatures. Every request for player keys must supply the validation headers below; the signature token is an HMAC-SHA256 computed with your shared secret key.
Required Headers:
X-Signature-Token
X-Signature-Timestamp
Message Signature Format
The HMAC signature payload must be constructed by concatenating the integer timestamp and the target request path, separated by a colon:
```text
{timestamp}:{path}
```
Example: 1781371516:/api/v1/channels/wctveng/stream
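A server-side counterpart to the signature format above, as an added example that is not KhelaDekho's own code: it recomputes the HMAC over the routed path, compares it in constant time, and bounds replay with a freshness window. The 300-second window, the reason strings and the function names are assumptions; the page does not say how the backend validates the timestamp.

```python
import hashlib
import hmac

MAX_SKEW_SECONDS = 300  # assumption: the page does not state a freshness window


def sign(secret: bytes, timestamp: str, path: str) -> str:
    """Hex HMAC-SHA256 over '{timestamp}:{path}', the format given above."""
    return hmac.new(secret, f"{timestamp}:{path}".encode(), hashlib.sha256).hexdigest()


def verify_request(secret: bytes, path: str, headers: dict, now: int,
                   max_skew: int = MAX_SKEW_SECONDS) -> tuple[bool, str]:
    """Hypothetical server-side check; returns (accepted, reason)."""
    token = headers.get("X-Signature-Token")
    timestamp = headers.get("X-Signature-Timestamp")
    if not token or not timestamp:
        return False, "missing_headers"
    # The format calls for an integer timestamp: accept a short run of ASCII
    # digits only, so "+17", " 17", "1e9" or huge values never reach int().
    if not (timestamp.isascii() and timestamp.isdigit() and len(timestamp) <= 12):
        return False, "bad_timestamp"
    # Bound replay of a captured header pair to the freshness window.
    if abs(now - int(timestamp)) > max_skew:
        return False, "stale_timestamp"
    # Sign the path the server actually routed, not a client-supplied copy,
    # so a token issued for one channel cannot be reused on another.
    expected = sign(secret, timestamp, path)
    # Constant-time comparison avoids leaking how many leading characters match.
    if not hmac.compare_digest(expected.encode(), token.encode()):
        return False, "bad_signature"
    return True, "ok"


# Constructed sample values (the secret is the page's placeholder, not a real key).
SECRET = b"your-hmac-secret-key-here"
PATH = "/api/v1/channels/wctveng/stream"
NOW = 1781371516
GOOD = {"X-Signature-Token": sign(SECRET, str(NOW), PATH),
        "X-Signature-Timestamp": str(NOW)}

if __name__ == "__main__":
    print(verify_request(SECRET, PATH, GOOD, NOW))         # fresh, correct path
    print(verify_request(SECRET, PATH, GOOD, NOW + 3600))  # replayed an hour later
    print(verify_request(SECRET, "/api/v1/channels/fifatv/stream", GOOD, NOW))
```

Within the window a captured header pair still verifies for the same path, so the window should be as short as client clock drift allows.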
Endpoints Spec
| Method & Path | Description | Access Auth |
|---|---|---|
| GET /api/v1/health | App metrics and diagnostic health | Anonymous |
| GET /api/v1/matches | Upcoming and live matches list | Anonymous |
| GET /api/v1/channels | Active channel details & metadata | Anonymous |
| GET /api/v1/stats | Platform transmission analytics | Anonymous |
| GET /api/v1/channels/:key/stream | Get decrypted manifest and decryption keys | HMAC-SHA256 |
Standard Response Envelopes
Success Output
```json
{
  "success": true,
  "data": {
    "key": "fifatv",
    "name": "FIFA CTV",
    "url": "https://example.com/stream.mpd",
    "type": "dash",
    "drm": "clearkey",
    "clearkey": {
      "keys": {
        "834fae2345ef01a88bb3d2345eaf12bc": "a12d34bf56ea7890bcde12345fae9812"
      }
    }
  },
  "error": null
}
```
Error Output
```json
{
  "success": false,
  "data": null,
  "error": {
    "code": "HTTP_401",
    "message": "Secure session credentials missing"
  }
}
```
Client Code Integrations
Python Integration
```python
import time
import hmac
import hashlib
import requests

secret_key = "your-hmac-secret-key-here"
channel_key = "wctveng"
path = f"/api/v1/channels/{channel_key}/stream"
base_url = "http://localhost:8000"

# Signed message is "{timestamp}:{path}" with an integer Unix timestamp.
timestamp = str(int(time.time()))
message = f"{timestamp}:{path}".encode()

# Hex-encoded HMAC-SHA256 of the message under the shared secret.
token = hmac.new(
    secret_key.encode(),
    message,
    hashlib.sha256
).hexdigest()

# Send the same timestamp that was signed alongside the token.
headers = {
    "X-Signature-Token": token,
    "X-Signature-Timestamp": timestamp
}

response = requests.get(f"{base_url}{path}", headers=headers)
print(response.json())
```
Node.js Integration
```javascript
const crypto = require('crypto');
const axios = require('axios');

const secretKey = "your-hmac-secret-key-here";
const channelKey = "wctveng";
const path = `/api/v1/channels/${channelKey}/stream`;
const baseUrl = "http://localhost:8000";

// Signed message is "{timestamp}:{path}" with an integer Unix timestamp.
const timestamp = Math.floor(Date.now() / 1000).toString();
const message = `${timestamp}:${path}`;

// Hex-encoded HMAC-SHA256 of the message under the shared secret.
const token = crypto
  .createHmac('sha256', secretKey)
  .update(message)
  .digest('hex');

// Send the same timestamp that was signed alongside the token.
axios.get(`${baseUrl}${path}`, {
  headers: {
    'X-Signature-Token': token,
    'X-Signature-Timestamp': timestamp
  }
})
  .then(res => console.log("Decrypted stream:", res.data))
  .catch(err => console.error("Error:", err.message));
```