Download Wistia videos - Please do not misuse it!

Wistia-download-videos.md

Download Wistia videos

1. right-click on the playing video, select Copy link
2. find Wistia video ID in the copied link e.g. wvideo=tra6gsm6rl
   • alternative: look for e.g. hashedId=tra6gsm6rl in the page source
3. load http://fast.wistia.net/embed/iframe/ + video ID in your browser
4. look for "type":"original" in the page source and copy the URL from the next line e.g. "url":"http://embed.wistia.com/deliveries/129720d1762175bcd8e06dcab926ec76ad38ff00.bin"
   • alternative: look for "type":"hd_mp4_video"
5. download the video from the URL with .mp4 extension instead of .bin

I'm all for keeping a local copy of something I paid for. In this case, the videos are hosted on Wistia while the course provider is Thinkific. I'm 100% sure something changed between a couple of months ago and now, as the *.bin files previously accessible by looking into the jsop now return 403, even from within the same authenticated browser session. I'm not a frontend dev, but if I have to guess an authentication code/token is now sent when the website requests that resource.

@mbagattini Particular to thinkific, I have fixed it. Wistia has recently restricted private video downloads and it depends on the wisitia admin to keep videos private or public.

In order to download private videos:

• you need to find the iframe source (platform specific)
• get the account id and jwt token
• generate the playlist URL
• multi threaded download (all ts files) and then merge all segments with ffmpeg

1. Obtain the Video Player HTML

Protected Wistia videos are embedded in an HTML iframe that contains the necessary authorization tokens.

This endpoint returns an HTML page with the embedded Wistia player and is platform specific.

2. Extract Video ID and JWT Token

From the HTML response, extract:

a) Wistia Video ID:
Find the jsonp URL containing the video ID.

Regex Pattern:

'/medias\/(\w+)\.jsonp/'

b) JWT Authorization Token:

options.authorization = {
    jwt: 'eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9...'
}

Regex Pattern:

/jwt:\s*['\"]([^'\"]+)['\"]/s

Note: The JWT token may span multiple lines in the HTML. Remove all whitespace/newlines after extraction.

3. Get Video Metadata

Query the Wistia API to get video metadata:

GET https://fast.wistia.com/embed/medias/{video_id}.json

Response includes:

• protected: Boolean indicating if video is protected
• accountId: Required for constructing protected URLs
• assets: Array of video qualities and formats

4. Construct Protected M3U8 URL

For protected videos, construct the HLS playlist URL:

https://fast-protected.wistia.com/embed/accounts/{account_id}/medias/{video_id}.m3u8?quality_min=360&quality_max=2160&pma={jwt_token}

Parameters:

• account_id: From metadata response
• video_id: Wistia video ID
• pma: JWT token (URL-encoded if necessary)

Note:

• Wistia JWT tokens are very much time limited.
• Playlist JWT is valid for 24h

@mbagattini Particular to thinkific, I have fixed it. Wistia has recently restricted private video downloads and it depends on the wisitia admin to keep videos private or public.

In order to download private videos:

• you need to find the iframe source (platform specific)
• get the account id and jwt token
• generate the playlist URL
• multi threaded download (all ts files) and then merge all segments with ffmpeg

1. Obtain the Video Player HTML

Protected Wistia videos are embedded in an HTML iframe that contains the necessary authorization tokens.

This endpoint returns an HTML page with the embedded Wistia player and is platform specific.

2. Extract Video ID and JWT Token

From the HTML response, extract:

a) Wistia Video ID: Find the jsonp URL containing the video ID.

Regex Pattern:

'/medias\/(\w+)\.jsonp/'

b) JWT Authorization Token:

options.authorization = {
    jwt: 'eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9...'
}

Regex Pattern:

/jwt:\s*['\"]([^'\"]+)['\"]/s

Note: The JWT token may span multiple lines in the HTML. Remove all whitespace/newlines after extraction.

3. Get Video Metadata

Query the Wistia API to get video metadata:

GET https://fast.wistia.com/embed/medias/{video_id}.json

Response includes:

• protected: Boolean indicating if video is protected
• accountId: Required for constructing protected URLs
• assets: Array of video qualities and formats

4. Construct Protected M3U8 URL

For protected videos, construct the HLS playlist URL:

https://fast-protected.wistia.com/embed/accounts/{account_id}/medias/{video_id}.m3u8?quality_min=360&quality_max=2160&pma={jwt_token}

Parameters:

• account_id: From metadata response
• video_id: Wistia video ID
• pma: JWT token (URL-encoded if necessary)

Note:

• Wistia JWT tokens are very much time limited.
• Playlist JWT is valid for 24h

Hi Sumeet, thanks so much for the information!

Is this restriction by Wistia only applicable to Thinkific? Or can admins make any embedded videos private?

Upon checking my Wistia account, the only relevant option I see is to make a video password-protected, so the video can only be watched upon entering the password. Not sure if that's what you refer to as private?

Hi @berroz1 Wistia admins can make any video private. It is independent of platform. Thinkfic type platforms just use the embed code to show to end users.