Navigator: requestMediaKeySystemAccess() method

Secure context: This feature is available only in secure contexts (HTTPS), in some or all supporting browsers.

The requestMediaKeySystemAccess() method of the Navigator interface returns a Promise which delivers a MediaKeySystemAccess object that can be used to access a particular media key system, which can in turn be used to create keys for decrypting a media stream.

This method is part of the Encrypted Media Extensions API, which brings support for encrypted media and DRM-protected video to the web.

This method may have user-visible effects such as asking for permission to access one or more system resources. Consider that when deciding when to call requestMediaKeySystemAccess(); you don't want those requests to happen at inconvenient times. As a general rule, this function should be called only when it's about time to create and use a MediaKeys object by calling the returned MediaKeySystemAccess object's createMediaKeys() method.


requestMediaKeySystemAccess(keySystem, supportedConfigurations)



A string identifying the key system. For example com.example.somesystem or org.w3.clearkey.


A non-empty Array of objects conforming to the object returned by MediaKeySystemAccess.getConfiguration. The first element with a satisfiable configuration will be used.

Each object may have the following properties:

Note: Either videoCapabilities or audioCapabilities may be empty, but not both!

label Optional

An optional label for the configuration, which defaults to "". This label is preserved for configurations fetched using MediaKeySystemAccess.getConfiguration


An array of strings that indicate the data type names for the supported initialization data formats (default to an empty array). These names are names like "cenc", "keyids" and "webm" that are defined in the Encrypted Media Extensions Initialization Data Format Registry.


An array of supported audio capabilities. If the array is empty the content type does not support audio capabilities.

Each object in the array has the following properties:


A string indicating the media MIME-type of the media resource, such as "audio/mp4;codecs=\"mp4a.40.2\". Note that the empty string is invalid, and that if the MIME-type definition includes parameters, such as codecs, these must also be included.


The encryption scheme associated with the content type, such as cenc, cbcs, cbcs-1-9. This value should be set by an application (it defaults to null, indicating that any encryption scheme may be used).


The robustness level associated with the content type. The empty string indicates that any ability to decrypt and decode the content type is acceptable.


An array of supported video capabilities. The objects in the array have the same form as those in audioCapabilities.


A string indicating whether the implementation may use "distinctive identifiers" (or distinctive permanent identifiers) for any operations associated with any object created from this configuration. The allowed values are:


The returned object must support this feature.


The returned object may support this feature. This is the default


The returned object must not support or use this feature.


A string indicating whether whether the returned object must be able to persist session data or any other type of state. The values are the same as for distinctiveIdentifier and have the same meaning: required, optional (default) ,not-allowed. Only "temporary" sessions may be created when persistent state is not allowed.


An array of strings indicating the session types that must be supported. Permitted values include:


A session for which the license, key(s) and record of or data related to the session are not persisted. The application does not need to manage such storage. Implementations must support this option, and it is the default.


A session for which the license (and potentially other data related to the session) will be persisted. A record of the license and associated keys persists even if the license is destroyed, providing an attestation that the license and key(s) it contains are no longer usable by the client.

Return value

A Promise that fulfils with a MediaKeySystemAccess object representing the media key system configuration described by keySystem and supportedConfigurations.


In case of an error, the returned Promise is rejected with a DOMException whose name indicates what kind of error occurred.

NotSupportedError DOMException

Either the specified keySystem isn't supported by the platform or the browser, or none of the configurations specified by supportedConfigurations can be satisfied (if, for example, none of the codecs specified in contentType are available).

SecurityError DOMException

Use of this feature was blocked by Permissions-Policy: encrypted-media.


Either keySystem is an empty string or the supportedConfigurations array is empty.


The example below shows how you might use requestMediaKeySystemAccess(), specifying a key system and configuration.

const clearKeyOptions = [
    initDataTypes: ["keyids", "webm"],
    audioCapabilities: [
      { contentType: 'audio/webm; codecs="opus"' },
      { contentType: 'audio/webm; codecs="vorbis"' },
    videoCapabilities: [
      { contentType: 'video/webm; codecs="vp9"' },
      { contentType: 'video/webm; codecs="vp8"' },

  .requestMediaKeySystemAccess("org.w3.clearkey", clearKeyOptions)
  .then((keySystemAccess) => {
    /* use the access to get create keys */


Encrypted Media Extensions
# navigator-extension-requestmediakeysystemaccess

Browser compatibility

BCD tables only load in the browser

See also