Why stream security matters
Embedding a camera stream on a website means it's publicly accessible by default. Without access controls, anyone with the URL can watch your stream. PanoraCast provides multiple layers of protection so you can control exactly who sees your cameras.
1. PIN protection
Add a 4–8 digit PIN that viewers must enter before the stream loads. This is the simplest way to restrict access without requiring user accounts. Set it in your stream settings under 'Access Controls'. Viewers see a branded PIN gate before the player loads.
2. Domain restrictions
Lock your embed to specific domains. The stream will only load when embedded on your approved websites, preventing unauthorized embedding. Add allowed domains in the embed settings — wildcards are supported (e.g., *.yourcompany.com).
3. Time scheduling
Set a schedule for when the stream is publicly accessible. Outside of scheduled hours, viewers see an offline message. Useful for business-hours-only cameras — for example, a retail store camera that only streams during opening hours.
4. Private vs public streams
Mark a stream as private to disable the public watch page entirely. The stream will only be accessible through authenticated embed tokens on your own website. Private streams don't appear in any public listing.
5. Embed token rotation
Regenerate your embed token at any time to invalidate all existing embeds. This is useful if a token is leaked or you want to revoke access immediately. Old embed codes will stop working and show an error message.
Combine multiple protections
These security features stack. For maximum protection, combine domain restrictions (so the embed only works on your site) with a PIN (so only authorized visitors can view it) and time scheduling (to limit exposure hours).