ActiveCode API & Authentication Guide

API Authentication Flow

This guide provides the technical steps for authenticating ActiveCode. You will learn how to configure and fetch an encrypted password from the API, decrypt it, and successfully authenticate to an ActiveCode user with device ID pairing for enhanced security.

Follow the steps below to get started.

Understanding Device ID Security

What is Device ID?

The Device ID is a unique identifier that provides an additional layer of security for your ActiveCode authentication. Think of it as a digital fingerprint for each device using your service.

How it Works:

Pairing: When a device first authenticates, its Device ID gets paired with the ActiveCode
Persistence: The same Device ID must be used for all subsequent requests
Security: This prevents unauthorized access even if someone obtains your ActiveCode

Device ID Requirements:

Must be unique per device
Should remain the same even after app reinstallation
Can be device MAC address or any static hardware identifier
Must be consistent across all API calls

Important: Once a Device ID is paired with an ActiveCode, only that specific device can access the streams. This ensures that credentials cannot be shared across multiple devices.

Panel Configuration

Set Up Decryption Key

This key is crucial for decrypting the password string your app will receive.

Navigate to: General Settings > General Tab > Load Balancing Key

Set Up ActiveCode Unique Password

This is the unique password associated with an ActiveCode (additional security) that your app will need to retrieve.

Navigate to: General Settings > Streaming Tab > Unique Password

The Authentication Process

Fetch the Encrypted Password

Make a GET request to the following API endpoint to retrieve the encrypted unique password string.

GET http://your.dns:stream_port/player_api.php?action=getactivecodepass

Decrypt the Password String

Use the Load Balancing Key you set in the panel to decrypt the string received from the player_api call. We've provided the necessary functions in multiple languages below.

Authenticate the User

Once you have the decrypted password, you can authenticate the user via the Player API.

device_id: Your unique device identifier (MAC address or static hardware ID)
username: Use the ActiveCode as username
password: Use the decrypted Unique Password

Skip Development - Get Your Ready App Now!

Forget about complex API integration, decryption functions, and endless testing. Get your 2-in-1 ActiveCode Ready App customized for your panel!

Android & iOS Ready

Fully functional apps for both platforms

Pre-Integrated API

All endpoints already configured

Device ID Security

Built-in device pairing system

What is included

Fully branded app with your logo & name
ActiveCode authentication system ready
Username/Password based system ready
Live TV, VOD & Series support
EPG integration included
Automatic decryption handling
Ready for App Store & Play Store

- Order Your Custom App -

Order Your Custom App Now

Player API Endpoints

Below are all available Player API endpoints. Replace the placeholders with your actual values:

{yourdeviceid} - Your unique device identifier
{ActiveCode} - The ActiveCode username
{DecryptPassword} - The decrypted password from step 2
X - Specific ID values (category_id, stream_id, etc.)

Authentication & User Info

GET http://your.dns:stream_port/player_api.php?device_id={yourdeviceid}&username={ActiveCode}&password={DecryptPassword}

Live Streams

Get Live Stream Categories

GET http://your.dns:stream_port/player_api.php?device_id={yourdeviceid}&username={ActiveCode}&password={DecryptPassword}&action=get_live_categories

Get All Live Streams

GET http://your.dns:stream_port/player_api.php?device_id={yourdeviceid}&username={ActiveCode}&password={DecryptPassword}&action=get_live_streams

Get Live Streams by Category

GET http://your.dns:stream_port/player_api.php?device_id={yourdeviceid}&username={ActiveCode}&password={DecryptPassword}&action=get_live_streams&category_id=X

Get Short EPG for Live Stream

GET http://your.dns:stream_port/player_api.php?device_id={yourdeviceid}&username={ActiveCode}&password={DecryptPassword}&action=get_short_epg&stream_id=X
GET http://your.dns:stream_port/player_api.php?device_id={yourdeviceid}&username={ActiveCode}&password={DecryptPassword}&action=get_short_epg&stream_id=X&limit=X

Get Full EPG for Live Stream

GET http://your.dns:stream_port/player_api.php?device_id={yourdeviceid}&username={ActiveCode}&password={DecryptPassword}&action=get_simple_data_table&stream_id=X

VOD (Video on Demand)

Get VOD Categories

GET http://your.dns:stream_port/player_api.php?device_id={yourdeviceid}&username={ActiveCode}&password={DecryptPassword}&action=get_vod_categories

Get All VOD Streams

GET http://your.dns:stream_port/player_api.php?device_id={yourdeviceid}&username={ActiveCode}&password={DecryptPassword}&action=get_vod_streams

Get VOD Streams by Category

GET http://your.dns:stream_port/player_api.php?device_id={yourdeviceid}&username={ActiveCode}&password={DecryptPassword}&action=get_vod_streams&category_id=X

Get Latest VOD Streams Returns 100 latest

GET http://your.dns:stream_port/player_api.php?device_id={yourdeviceid}&username={ActiveCode}&password={DecryptPassword}&action=get_vod_latest

Get VOD Info

GET http://your.dns:stream_port/player_api.php?device_id={yourdeviceid}&username={ActiveCode}&password={DecryptPassword}&action=get_vod_info&vod_id=X

Series

Get Series Categories

GET http://your.dns:stream_port/player_api.php?device_id={yourdeviceid}&username={ActiveCode}&password={DecryptPassword}&action=get_series_categories

Get All Series

GET http://your.dns:stream_port/player_api.php?device_id={yourdeviceid}&username={ActiveCode}&password={DecryptPassword}&action=get_series

Get Series by Category

GET http://your.dns:stream_port/player_api.php?device_id={yourdeviceid}&username={ActiveCode}&password={DecryptPassword}&action=get_series&category_id=X

Get Latest Series Returns 100 latest

GET http://your.dns:stream_port/player_api.php?device_id={yourdeviceid}&username={ActiveCode}&password={DecryptPassword}&action=get_series_latest

Get Series Info

GET http://your.dns:stream_port/player_api.php?device_id={yourdeviceid}&username={ActiveCode}&password={DecryptPassword}&action=get_series_info&series_id=X

Special Endpoints

Get ActiveCode Password (Encrypted)

GET http://your.dns:stream_port/player_api.php?action=getactivecodepass

Full EPG List (XMLTV Format)

GET http://your.dns:stream_port/xmltv.php?device_id={yourdeviceid}&username={ActiveCode}&password={DecryptPassword}

API String Decryption Functions

Here are the functions for AES-256-CBC decryption. Use the `decrypt` function in your application with your Load Balancing Key to decode the API response.


function decrypt($data, $key) {
    $key = hash('sha256', $key, true);
    $data = base64_decode($data);
    $iv = substr($data, 0, 16);
    $ciphertext = substr($data, 16);
    return openssl_decrypt($ciphertext, 'aes-256-cbc', $key, OPENSSL_RAW_DATA, $iv);
}


import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.security.MessageDigest;
import java.util.Base64;

public class Crypto {

    public static String decrypt(String data, String key) throws Exception {
        byte[] keyBytes = MessageDigest.getInstance("SHA-256").digest(key.getBytes());
        byte[] combined = Base64.getDecoder().decode(data);
        byte[] iv = new byte[16];
        byte[] ciphertext = new byte[combined.length - 16];
        
        System.arraycopy(combined, 0, iv, 0, 16);
        System.arraycopy(combined, 16, ciphertext, 0, ciphertext.length);
        
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
        cipher.init(Cipher.DECRYPT_MODE, new SecretKeySpec(keyBytes, "AES"), new IvParameterSpec(iv));
        
        return new String(cipher.doFinal(ciphertext));
    }
}


import javax.crypto.Cipher
import javax.crypto.spec.IvParameterSpec
import javax.crypto.spec.SecretKeySpec
import java.security.MessageDigest
import java.util.Base64

object Crypto {

    fun decrypt(data: String, key: String): String {
        val keyBytes = MessageDigest.getInstance("SHA-256").digest(key.toByteArray())
        val combined = Base64.getDecoder().decode(data)
        val iv = combined.copyOfRange(0, 16)
        val ciphertext = combined.copyOfRange(16, combined.size)
        
        val cipher = Cipher.getInstance("AES/CBC/PKCS5Padding")
        cipher.init(Cipher.DECRYPT_MODE, SecretKeySpec(keyBytes, "AES"), IvParameterSpec(iv))
        
        return String(cipher.doFinal(ciphertext))
    }
}


const crypto = require('crypto');

function decrypt(data, key) {
    const keyBuf = crypto.createHash('sha256').update(key).digest();
    const combined = Buffer.from(data, 'base64');
    const iv = combined.subarray(0, 16);
    const ciphertext = combined.subarray(16);
    
    const decipher = crypto.createDecipheriv('aes-256-cbc', keyBuf, iv);
    let plaintext = decipher.update(ciphertext);
    plaintext = Buffer.concat([plaintext, decipher.final()]);
    
    return plaintext.toString('utf8');
}


/*
Add dependencies to your pubspec.yaml:
dependencies:
  encrypt: ^5.0.1
  crypto: ^3.0.1
*/

import 'dart:convert';
import 'dart:typed_data';
import 'package:crypto/crypto.dart';

String decrypt(String data, String key) {
  final keyBytes = sha256.convert(utf8.encode(key)).bytes;
  final combined = base64.decode(data);
  final iv = IV(Uint8List.fromList(combined.sublist(0, 16)));
  final ciphertext = Encrypted(Uint8List.fromList(combined.sublist(16)));
  
  final encrypter = Encrypter(AES(Key(Uint8List.fromList(keyBytes)), mode: AESMode.cbc));
  return encrypter.decrypt(ciphertext, iv: iv);
}