Skip to main content

Overview

All MCSP content — video and audio — is delivered via CDN using adaptive bitrate (ABR) streaming in both HLS and MPEG-DASH formats. The origin (object store) is never directly accessible to clients. CDN-signed, time-limited URLs control access per content item per user session.
Architecture note: CDN-first delivery is an architectural constraint, not a performance optimisation. At 150,000 peak concurrent streams, direct object storage would not be viable from a cost or latency perspective. See ADR-002 for the full decision record.

Packaging Format Matrix

Both video and audio use CMAF (Common Media Application Format) fMP4 containers — a single set of encoded segments serves both HLS and DASH manifests, halving the CDN storage footprint compared to maintaining separate segment sets.
PlatformDRM SystemProtocolManifest Type
iOS / SafariFairPlayHLS.m3u8 with EXT-X-KEY (CBCS)
Android / ChromeWidevineDASH.mpd (CENC)
Desktop browsersWidevineDASH.mpd (CENC)
Smart TVs (Tizen/webOS)Widevine or PlayReadyHLS or DASHPlatform-dependent
Audio (iOS/Safari)FairPlayHLS audio-only.m3u8 with EXT-X-MEDIA, no video rendition
Audio (all others)WidevineDASH audio-only.mpd with audio AdaptationSet only

Manifest Generation and Token Flow

1

Playback request

Client sends GET /api/v1/play/{contentId} with Bearer token to the Playback Service.
2

Entitlement and content type resolution

Playback Service checks subscription entitlement, content visibility, and geographic restrictions. Resolves content_type: VIDEO | AUDIO from the Content Service.
3

DRM session token generation

Playback Service calls the DRM License Server via gRPC. A short-lived DRM session token (5-minute TTL) is issued for the specific (userId, contentId, sessionId) triple.
4

CDN-signed manifest URL generation

Playback Service generates an HMAC-signed CDN URL:
HMAC(contentId + userId + sessionId + contentType + expiry, CDN_SECRET)
URL TTL: 1 hour. Returned to client alongside drm_token and license_server_url.
5

CDN manifest fetch

Client fetches the manifest from CDN. CDN validates the HMAC signature. On validation failure, CDN returns 403 and no media is served.
6

DRM license acquisition

Client sends the drm_token to the License Server. License Server validates the token and issues a decryption key license (CEK wrapped in device public key). Client player decrypts segments in the hardware secure context.
7

Segment streaming

Client player fetches fMP4 segments from CDN edge cache. CDN serves from edge without contacting origin (cache hit for segments in the 24-hour window). ABR algorithm selects quality tier based on measured bandwidth.
8

Player rendering

For content_type: VIDEO — full AV player renders video with synchronized audio track. For content_type: AUDIO — audio-only player renders audio with cover art displayed.

CDN Caching Policy

AssetTTLInvalidation Trigger
Video segments (.ts, .m4s)24 hoursContent deletion or DRM key rotation
Audio segments (.m4s, .aac)24 hoursContent deletion or DRM key rotation
Video HLS manifest (.m3u8)30 secondsContent update, resolution addition, DRM re-key
Audio HLS manifest (.m3u8)30 secondsContent update, bitrate variant addition, DRM re-key
DASH manifest (.mpd) — video or audio30 secondsSame as above
Video thumbnails7 daysCustom thumbnail upload
Audio cover art7 daysCreator updates cover art
API responses (metadata)Not cached at CDNRedis cache at application layer
Nigeria residency content is excluded from global CDN edge caching. Residency content is served from the MTN Cloud Nigeria CDN origin only. International users accessing residency content will experience higher latency. This is a deliberate data sovereignty tradeoff — see Data Residency.

ABR Quality Selection

The client player manages quality tier selection using standard ABR algorithms:
PlatformABR Implementation
iOSAVFoundation built-in ABR
AndroidExoPlayer adaptive track selection
WebDASH.js / hls.js with throughput-based algorithm
Manual quality selection overrides ABR and locks to the selected tier. The override persists for the session duration or until the user resets to auto.

Failure Handling

FailureBehaviour
CDN edge node failureRequests automatically route to the next nearest PoP. No client-visible interruption for in-progress streams (TCP keep-alive).
Manifest HMAC validation failureCDN returns 403. Client receives a clear error. The 1-hour TTL covers a full viewing session for most long-form content.
DRM license expiry during playbackAt TTL expiry during active playback, the client initiates a silent license refresh using the existing drm_token (valid for 5 minutes). On drm_token expiry, playback pauses and the user is prompted to re-authenticate.
Segment cache miss (cold content)CDN fetches from origin object storage. Cold storage retrieval adds 1–12 seconds for archive-tier content. See ADR-005 for the pre-warming mitigation.

Build docs developers (and LLMs) love

Get started for freeTalk to us