Product key

From Ace Stream Wiki
Jump to: navigation, search

Starting from version 2.1.0 engine works by API with authorized applications only. Authorization takes place during handshake (more detailed description you can find below). To be successfully authorized an application must have a product key.

You can get your personal product key for your application or use a public key:


If you use the public key, your app can be used only by users who have activated option "No ADs" (Ace Stream disabling ads). If this option is not activated, the engine will send an error "No ADs option must be activated to use this product" when user tries to start playback of some content.

Attention! When your application is ready and you decide to make an opened/public test, send us a request to receive a test key by registering as developer, with a description of the application and a link to download it. After verification of your product we will give you a special product key which will allow you to make opened/public tests within 30 days for any users, including users who don't have enabled NoADs option. Test for All!

If your app supports ad formats of Ace Stream system, you can get a personal product key for free by registering as developer. Application with a personal product key can be used by all users, regardless of whether they have any premium options.

Authorization of application

Below the schema of application authorization is described:

  • application sends handshake "HELLOBG" message
HELLOBG version=api_version
  • engine sends the answer
HELLOTS version=engine_version key=request_key
  • application generates response key and send it to engine
READY key=response_key

If the authorization was successfull then engine will continue to work with application and send an "AUTH" event (user authorization level).

If the authorization failed then engine sends event NOTREADY. This event is also sent as answer to any command from an unauthorized application.

random alpha-numeric string
is generated from request_key and product key with the following algorithm (described in pseudocode):
signature = hex(sha1(request_key + product_key)); // generate the request signature
x = product_key.split("-")[0];                    // cut all chars until first "-" from the product key
response_key = x + "-" + signature;               // send the string from the previous step and request signature ↵
                                                     separated by hyphen ("-") char to the engine


In this example we suppose that the application has a product key 123456-111111-222222-333333

Request signature for the given response_key in this example is generated in this way: hex(sha1("5eb1f78f123456-111111-222222-333333")) == fd2a247d83adffed56d82cca150d5fab225f1408

>>HELLOBG version=4
<<HELLOTS version=2.1.0 key=5eb1f78f
>>READY key=123456-fd2a247d83adffed56d82cca150d5fab225f1408
<<AUTH 1