The Streaming APIs (Millicast) are an end to end WebRTC streaming platform. WebRTC encrypts media on the wire by default. This article can help you understand the encryption and security of WebRTC:
Our platform uses token based authentication, which you have full control over. When a stream token is created, it generates a unique serial code, called a Publishing Token, that identifies you as a valid broadcaster for this account. Only an authenticated broadcaster on your account can publish a stream. You can set tokens to be valid for only one use, and set them to expire after X amount of time, etc.
We describe this for our Dashboard documentation at:
and in our REST API documentation at:
The same is true for subscribe tokens too.
For additional security, you can also lock down a publishing token to a specific domain, or IP address using allowedOrigins or allowedIpAddresses when creating the token via our API.