- 05 Aug 2024
- Print
Player SDK (Software Development Kit)
- Updated on 05 Aug 2024
- Print
Introduction
This guide is designed to help developers to use our efficient, and robust Player SDK for the new movingimage player. Whether you're embedding videos or interacting with the player, our SDK simplifies and streamlines the process, providing enhanced performance, security, and control.
What is the SDK?
The SDK is a comprehensive toolkit designed to replace the old HTLM5 player API, allowing developers to interact with videos embedded using the new movingimage player. It provides methods and events for controlling the player and handling interactions.
By using the SDK, developers can significantly reduce the time and effort required to integrate our player into their pages, resulting in a more efficient and robust integration.
Difference between SDK and mi player API
While both the old Player API and the new Player SDK allow interaction with the player (e.g., play, pause, mute) and event response, there are key technical differences and advantages:
Player Integration: The Player SDK interacts with the embedded player iframe, whereas the Player API generated a player inside your page and altered your page’s code.
Modular Design: The SDK is built using ES Modules, isolating it from your existing code, which provides better control and improved security.
Optimized Performance: The old API loaded a lot of extra code, but the new SDK includes only what's necessary to send and receive messages. This results in a smaller JavaScript file, leading to faster page loads and improved performance.
SDK offers enhanced security
The new Player SDK interacts with an iframe that holds the player. Apart from offering various benefits, iframes also come with specific security considerations. Here are some security measures we’ve implemented:
Origin-Based Messaging: Messages are sent using the embedded iframe's origin, ensuring that only our embedded playout player receives the messages, preventing untrusted third parties from intercepting them.
Message Validation: Received messages are validated to confirm they come from the connected iframe, preventing other iframes from triggering event callbacks in your code, thus blocking untrusted code execution.
Parent Window Validation: When the SDK connects, messages are validated to ensure they originate from the SDK, ensuring that only your code connects to the player.
Message Format Validation: Incorrectly formatted messages are ignored and not processed further.
Secure Callbacks: Messages are posted back to the SDK origin, ensuring that only the parent window (hosting customer) receives callback/event messages from the player, preventing data leakage to untrusted third parties.
Accessing the SDK
Follow the documentation to know how to install and use the SDK, including methods supported