HTTP Auth: Backend
Backend authorization lets you use your existing user management system (Middleware) to control access to your streams. Instead of managing users in Astra, you can connect to your current platform like Ministra, IPTVportal, or a custom system.
How it works
Section titled “How it works”
- User requests a channel: The viewer’s player sends a request with their token or credentials
- Astra asks your Middleware: Astra forwards the request details to your user management system
- Middleware checks permissions: Your system verifies if the user can access this channel
- Access granted or denied: If approved, Astra streams the content; if not, access is blocked
Configuration
Section titled “Configuration”Go to Settings → HTTP Auth in Astra. Choose your “Backend Type” and enter the “Backend Address” for your system.
Ministra/Stalker
Section titled “Ministra/Stalker”Backend Address:
http://example.com/stalker_portalIn your Ministra/Stalker admin panel, enable Temporary URL → Flussonic support
IPTVportal
Section titled “IPTVportal”For cloud platform:
https://go.iptvportal.cloudFor local installation: Use your server’s address (e.g., http://your-server.com)
In the portal settings open Keys menu and create a new key:
Name: AstraAlgorithm: ARESSTREAMMode: SMKey Length: 1472 bitUpdate Rate: 1:00:00
In portal channel settings:
Auth: arescryptEncoded: turn onKey: Astra
Microimpulse Smarty
Section titled “Microimpulse Smarty”Backend Address:
http://example.comHTTP Request
Section titled “HTTP Request”Create your own authentication system by selecting HTTP Request as the Backend Type and providing your custom endpoint URL.
When a user requests access, Astra sends a GET request to your endpoint with:
- Query parameters: All parameters from the original user request
- HTTP headers with session details:
X-Session-ID: unique session numberX-Channel-ID: unique channel identifierX-Real-IP: client’s IP addressX-Real-Path: client’s request pathX-Real-UA: client’s User-AgentX-Real-Host: client’s Host request
Your backend can respond with:
HTTP 200: Access grantedHTTP 403/401: Access deniedX-Session-Nameheader - User’s login name (optional)
Example workflow:
- Your backend:
https://auth.example.com/check - User requests:
https://live.example.com/play/a001/index.m3u8?token=123 - Astra calls:
https://auth.example.com/check?token=123 - Headers include:
X-Real-Path: /play/a001/index.m3u8plus other request details
Important: Default behavior
Section titled “Important: Default behavior”If your backend is unreachable, Astra allows access by default. This prevents your service from going down if your authentication server has issues, but means users get free access during outages.
Troubleshooting
Section titled “Troubleshooting”Users getting free access
Section titled “Users getting free access”If users can watch channels without paying, your backend might be down. Test your backend connection:
curl -v "https://auth.example.com/check"Replace the URL with your actual backend address from Astra settings.
Common issues:
Connection refused: Backend server is down- Request hangs: Network connectivity problems
- Wrong URL: Check your backend address in settings
Users can’t access paid channels
Section titled “Users can’t access paid channels”If legitimate users are blocked:
- Check your backend logs: Look for authentication errors
- Verify response codes: Your backend must return HTTP 200 for valid users
- Test manually: Use curl with a valid token to test your endpoint