Extractors.md 5.0 KB

YouTube

PO Token Guide

Proof of Origin (PO) token is a parameter that YouTube requires to be sent with video playback requests from some clients. Without it, requests for the affected clients' format URLs may return HTTP Error 403, or result in your account or IP address being blocked.

This token is generated by BotGuard (Web) / DroidGuard (Android) to attest the requests are coming from a genuine client. This guide will be assuming the use of a PO Token generated by BotGuard, for use with the web client.

For PO Tokens generated by BotGuard, when logged out, the PO Token is bound to a Visitor ID. This Visitor ID is found in the VISITOR_INFO1_LIVE cookie, or in the visitorData value which is sent with Innertube API requests. When logged in, the PO Token is bound to the account Session ID (part of the Data Sync ID), rather than the Visitor ID.

Manually acquiring a PO Token from a browser for use when logged out

This process goes through manually obtaining a PO Token generated on YouTube in a web browser, and then manually passing that to yt-dlp via the po_token extractor argument.

Steps:

  1. Open YouTube Music or YouTube Embedded (e.g. https://www.youtube.com/embed/aqz-KE-bpKQ) in a browser. Make sure you are not logged in to any account!
  2. Open any video
  3. Open the developer console (F12), then go to the "Network" tab and filter by v1/player
  4. Click the video to play and a player request will appear in the network tab
  5. In the request payload JSON, find the PO Token at serviceIntegrityDimensions.poToken and save that value
  6. Export cookies from the browser
  7. Pass the PO Token to yt-dlp using --extractor-args "youtube:player-client=web,default;po_token=web+PO_TOKEN_VALUE_HERE" with cookies (--cookies COOKIES_FILE)

Addendum:

  • You can also get the PO Token from any of the videoplayback URLs (it is the pot query parameter).
  • You can also use --cookies-from-browser if that is pointed to the browser session with the same logged-out session you extracted the PO Token from.

Passing Visitor Data without cookies

In some cases, you may not want to use cookies and instead pass Visitor Data to use in Innertube API requests.

[!WARNING] This method is not recommended for most cases. It requires skipping webpage requests so that the VISITOR_INFO1_LIVE cookie does not interfere. This results in more requests needing to be sent as well as less stable extraction.

You can do this with:

--extractor-args "youtube:player-client=web,default;player-skip=webpage,configs;po_token=web+PO_TOKEN_VALUE_HERE;visitor_data=VISITOR_DATA_VALUE_HERE"

Manually acquiring a PO Token from a browser for use when logged in

The process for obtaining a PO Token for use when yt-dlp is logged into an account is similar to the above. The PO Token obtained should work with either cookies or OAuth.

Steps:

  1. Open YouTube Music in a browser, and log in with the user you are using with yt-dlp
  2. Open any video
  3. Follow steps 3-5 above
  4. Pass the PO Token to yt-dlp using --extractor-args "youtube:player-client=web;po_token=web+PO_TOKEN_VALUE_HERE" with your method of auth (cookies or OAuth)

Note only the web client is used above example (instead of web and default). When logged in, it is recommended to explicitly supply a PO token to all clients used to help avoid getting your account blocked.

  • If you want to use another client such as mweb, you should append mweb+PO_TOKEN_VALUE_HERE to the po_token argument and append mweb to the player-client argument.

If you are using cookies, see Exporting YouTube Cookies on how to export cookies without them being invalidated.

Other methods of acquiring a PO Token

Plugins

Exporting YouTube cookies

If you are unfamiliar with the basics of exporting cookies and passing them to yt-dlp, then first see How do I pass cookies to yt-dlp?

YouTube rotates cookies frequently on open YouTube browser tabs as a security measure. To export cookies that will remain working with yt-dlp, you will need to export cookies in such a way that they are never rotated.

One way to do this is through a private browsing/incognito window:

  1. Open a new private browsing/incognito window and log into YouTube
  2. Open a new tab and close the YouTube tab
  3. Export cookies from the browser then close the private browsing/incognito window so the session is never opened in the browser again.

Logging in with OAuth

[!CAUTION] Due to new restrictions enacted by YouTube, logging in with OAuth no longer works with yt-dlp. You should use cookies instead.