Provider-scoped access codes
Every login gates on a code your provider issues — separate from the underlying service credentials. Revoke the code and the customer is locked out instantly, even if their stream line still authenticates upstream.
Run a clean playlist,
not a junkyard.
Provider-controlled access, deterministic parsing, dead-channel detection, and AI-assisted cleanup that never touches your data without your sign-off. The modern playlist platform built for operators who actually care about their feed.
Why PlaylistForge
Built for the way IPTV providers actually work
Six things the legacy m3u tools don't give you, and we won't ship without.
Deterministic, auditable parsing
Pure-Python M3U/M3U8 parser with line-level warnings. Every import becomes an immutable version with a SHA-256 stamp. Roll back any time.
Cleanup that you control
Five deterministic detectors find duplicates, dead streams, blank names, quality-tag noise, and region-prefix clutter. AI suggestions ship in the same review queue — never auto-applied.
Private shareable URLs
Generate, rotate, and revoke time-limited URLs that point at the latest active version. Per-token rate-limited; per-token usage analytics built in.
Refresh on cron
manage.py refresh_playlists re-fetches every
authorized account hourly, only writing a new version when
the upstream actually changed. Health checks ship as a
parallel command.
Encrypted at rest
Provider access codes are stored as Django password hashes; Xtream credentials are Fernet-encrypted with a key you control. No plaintext, ever.
5
Deterministic cleanup detectors
0
Plaintext credentials at rest
327
Tests covering the gate behaviour
3
Distinct UIs: client, provider, staff
How it works
Three steps to a clean shareable URL
1
Sign up & redeem an access code
Your provider issues you a code. Enter it once; we hash it at rest and remember the authorization until they revoke it.
2
Validate your service credentials
Enter your Xtream Codes username and password. We validate them upstream once, encrypt them at rest, and never expose them again.
3
Import & review
We pull your playlist, parse it deterministically, and let you clean it up. Generate a private URL when you're happy.
FAQ
Things people ask before signing up
Is my Xtream password ever stored in plaintext?
No. We Fernet-encrypt it at rest with a key sourced from
XTREAM_FIELD_KEY on the deployment. The plaintext
only exists in memory long enough to make the upstream
authentication call.
What happens if my provider revokes my access code?
You're locked out of PlaylistForge AI immediately, even though your underlying service credentials still authenticate upstream. That's deliberate — it's the whole point of the provider-scoped gate. Your existing playlists stay in your account so you can re-redeem under another provider later.
Will AI silently rewrite my channel names?
Never. AI suggestions land in the same review queue as
deterministic detector findings, marked source=AI
and status=PENDING. Nothing changes on a channel
until you click Accept.
How are public URLs protected against abuse?
Per-token, per-IP sliding-window rate limiting (default 30 hits/minute, configurable per deployment). Throttled requests return HTTP 429 with a Retry-After header, don't bump the token's last-accessed timestamp, and don't pollute the audit log.
Can I run my own deployment?
Yes. The repo ships a hardened systemd unit, a gunicorn config,
a Caddyfile snippet, and a release/rollback procedure under
deploy/ and docs/DEPLOYMENT.md.
No credit card. Self-host or use a hosted instance.