Getting Started

NodeCat is a NodeJS-based service for generating and validating Common Access Tokens (CAT). CAT is a compact, CBOR-encoded token format designed for use in streaming media workflows — for example, protecting HLS manifest URLs so that only authenticated clients can fetch them. Available as a service in Eyevinn Open Source Cloud, NodeCat gives you a ready-to-use token endpoint without managing a Node deployment yourself.

Prerequisites

If you have not already done so, sign up for an Eyevinn OSC account.

Step 1: Create a NodeCat instance

Navigate to the NodeCat service in the Eyevinn OSC web console. Click Create nodecat, enter a name for your instance, and click Create.

Wait for the status to show Running.

Step 2: Use the token endpoint

Once running, click the instance card to see the instance URL. NodeCat exposes an HTTP API for issuing and validating Common Access Tokens.

Issue a token:

curl -X POST https://<your-instance>.andersnas-nodecat.auto.prod.osaas.io/token \
  -H "Content-Type: application/json" \
  -d '{"sub": "user123", "exp": 3600}'

Validate a token:

curl https://<your-instance>.andersnas-nodecat.auto.prod.osaas.io/validate \
  -H "Authorization: Bearer <token>"

Replace <your-instance> with the name you chose in Step 1.

Using the CLI

osc create andersnas-nodecat mynodecat

Use Case: Protecting HLS Streams

NodeCat is commonly used to add token-based access control to HLS manifests:

Your backend mints a short-lived CAT token for each authenticated viewer.
The token is appended to the HLS manifest URL as a query parameter.
A CDN or origin validates the token using NodeCat before serving the manifest.

This pattern prevents unauthorized access without requiring a session cookie or heavyweight auth layer.

Resources

NodeCat on the OSC dashboard
Common Access Token IETF draft
Service: Common Access Token Validator — related service for CAT validation