Can I protect the Runtime API with Authentication?
Yes! To so you simply need to "hide" the EMS runtime API behind a web server. Since Apache was likely installed along with your copy of the EvoStream Media Server, we’ll use that as our example. You will need to follow these general steps:
1) Make the port 7777 private in the EMS config file (set IP to 127.0.0.1)
2) Create a new Apache domain/virtual host for your commands to be sent to.
3) Use the Apache mod_proxy module to handle redirects to the EMS API port. http://httpd.apache.org/docs/2.2/mod/mod_proxy.html
3a) Set ProxyPassMatch to: ProxyPassMatch ^/foo/(.*) http://127.0.0.1:7777/$1
3b) This means that now, instead of calling http://IP:7777/command, you will be calling http://domain/foo/command (if there is only one domain in your Apache, you can use http://IP/foo/command)
4) Setup whatever authentication you would like on your Apache domain/virtual host!
And that is it, security for your Runtime API!
Bryan