VIDEO API BACKEND - CREDENTIALS SETUP
=====================================

IMPORTANT: Follow these steps BEFORE deploying to production!

1. GENERATE API KEY
-------------------
Your API key should be a random 32-character string.

Option A - Use Online Generator:
- Visit: https://www.random.org/strings/
- Set length: 32
- Characters: Alphanumeric

Option B - Use Command Line:

Windows PowerShell:
-join ((48..57) + (65..90) + (97..122) | Get-Random -Count 32 | ForEach-Object {[char]$_})

Mac/Linux:
openssl rand -hex 16

Example API Key:
a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6


2. GENERATE ADMIN PASSWORD HASH
--------------------------------
Create a strong password and generate its bcrypt hash.

Your Password: [Choose a strong password]
Example: MySecurePass123!

Generate Hash Online:
- Visit: https://bcrypt-generator.com/
- Enter your password
- Use rounds: 10
- Copy the generated hash

Example Hash:
$2y$10$92IXUNpkjO0rOQ5byMi.Ye4oKoEa3Ro9llC/.og/at2.uheWG/igi


3. UPDATE api/config.php
------------------------
Open api/config.php and replace these values:

Line 8:
define('API_KEY', 'YOUR_GENERATED_API_KEY_HERE');

Line 14:
define('ADMIN_PASSWORD_HASH', '$2y$10$YOUR_GENERATED_HASH_HERE');

Line 22:
define('BASE_URL', 'https://yourdomain.com/video-api');


4. ADMIN LOGIN CREDENTIALS
--------------------------
After updating config.php, use these to login:

URL: https://yourdomain.com/video-api/admin/login.php
Username: admin
Password: [Your chosen password from step 2]

DEFAULT PASSWORD (CHANGE IMMEDIATELY!):
Username: admin
Password: admin123


5. UPDATE ANDROID APP
----------------------
In your Android app's ApiConfig:

const val BASE_URL = "https://yourdomain.com/video-api/"
const val API_KEY = "YOUR_GENERATED_API_KEY_HERE"


6. SECURITY NOTES
-----------------
✓ Never share your API key publicly
✓ Never commit config.php to public repositories
✓ Change default password immediately
✓ Use HTTPS in production
✓ Rotate API key periodically
✓ Keep backups of your credentials

7. SAVE THESE CREDENTIALS
--------------------------
Store your credentials securely (password manager recommended):

API Key: _______________________________
Admin Username: admin
Admin Password: _______________________________
Domain: https://yourdomain.com/video-api/

Last Updated: [Date]


DEPLOYMENT CHECKLIST
====================
Before going live:

[ ] Generated unique API key
[ ] Generated strong password hash
[ ] Updated api/config.php with new credentials
[ ] Updated BASE_URL with actual domain
[ ] Changed default admin password
[ ] Tested admin login
[ ] Tested API endpoints with new key
[ ] Updated Android app with new API key
[ ] Enabled HTTPS
[ ] Backed up credentials securely


QUICK TEST COMMANDS
===================

Test API (replace with your values):
curl -H "X-API-Key: YOUR_API_KEY" https://yourdomain.com/video-api/api/videos.php

Expected response:
{"success":true,"count":0,"videos":[]}


SUPPORT
=======
If you encounter issues:
1. Verify PHP version (7.4+)
2. Check error logs in cPanel
3. Test with default credentials first
4. Verify file permissions
5. Check .htaccess syntax

For detailed deployment guide, see DEPLOYMENT.md
