reference
RTMP / RTMPS: the userinfo credential contract
RTMP is the maximum-compatibility ingest path. TRaX authenticates RTMP with
credentials in the URL userinfo section — not with a /live/<key> path
suffix.
Format
rtmp://<user>:<pass>@<trax-media-host>:1935/<path>
rtmps://<user>:<pass>@<trax-media-host>:1936/<path>
| Credential style | user |
pass |
|---|---|---|
| Session JWT | trax |
the JWT |
| Stream key | the key | the key |
The <path> is the stream path you were provisioned — the same path grammar as
SRT and WHIP/WHEP.
Hard rules
- Credentials go in userinfo, not the path. The legacy
rtmp://host/live/<stream-key>convention does not authenticate on TRaX — the edge reads credentials from the URL's user/password fields only. Most encoders (OBS included) accept a fullrtmp://user:pass@host/pathURL as the server field. - RTMPS for anything sensitive. Plain RTMP (1935) is unencrypted; a JWT sent over it is visible on the wire. Prefer RTMPS (1936) or SRT when your token has a meaningful lifetime.
- Token TTL vs stream length. Authentication happens at connect time. A short-TTL JWT that expires mid-stream does not kill an established session, but reconnects need a fresh token — encoders with auto-reconnect should use a stream key or re-mint before redialing.
Failure modes
| Symptom | Likely cause |
|---|---|
| Connection refused / auth error at connect | Missing userinfo (key in the path instead), expired JWT |
| Auth OK but stream not visible | Wrong <path> — authenticated to an unprovisioned path |