there’s no point to be added in addon, addon can protect data itself with secure communication.
Base idea is to be able to protect link which are loaded in webview. There is no matter where API will be stay. Here is model
base64 decoded uncrypted sample:
parameter1 videol ink url
parameter2 session value
parameter3 verification end point API (SSL)
p1,p2,p3 values are encrypted, after xmtv app receive xmtvs://data will decode it and will send request to end point API server to verify session, if session is ok, player will proceed to play video link, if session are expired API may return vod with video ad for Addon.
parameter1 session value
parameter2 verification end point API (SSL)
in this case xmtv will ask end point for video link based on session key, end point API will return actual video link if session is valid.
Whats think about that?