Bunny Stream offers two layers of token-based protection — one for the embed iframe and one for the underlying CDN URLs. Use embed view tokens to protect the player itself, and CDN tokens when you’re serving direct video URLs from your own player or application.Documentation Index
Fetch the complete documentation index at: https://docs.bunny.net/llms.txt
Use this file to discover all available pages before exploring further.
Embed view token authentication
The embed view token authentication allows you to sign the embed view iframe. This is the default security mechanism to prevent other websites or applications from embedding your videos when using the default Stream player. If enabled, embed view token authentication also protects MediaCage Enterprise DRM License service endpoint. For instructions on how to generate tokens, please see the Embed view token authentication section.CDN token authentication
The CDN token authentication works on the Pull Zone level. It allows you to secure and sign direct video URLs on a lower level and use those in your own video player or custom solution. For instructions on how to set this up, see the CDN Pull Zone Token Authentication Guide.CDN token authentication applies to all direct URLs — MP4 fallbacks, HLS playlists and segments, thumbnails, and previews. If any of these return a 403 after enabling it, the token is either expired, malformed, or missing from the request. Pull Zone-level controls (IP allowlists, Edge Rules, hotlink protection) can also block Stream playback independently of your library security settings — when troubleshooting, check the linked Pull Zone under Stream > Your Library > API > Pull Zone > Manage.