How to integrate Vimeo on Android and Website with specific user access

we have purchased a VIMEO account for video streaming. Our websites and android app are running and the user-level restriction to contents is managed by firebase generated token. Now I want to integrate the VIMEO video's to be accessed by our site and app and want to ensure those videos to be accessed by the desired user only with the corresponding token.

we are now just showing the videos on our site using iframe + domain-level protection + making it private though it can be downloaded sometimes. but it is not possible to manage different user levels to access different videos only. Also struggling to integrate it in android for domain-level protection. Is it like a hardcoded client token to show videos on App or I have to use Vimeo player or API and how?

Saw some documentation for android but those seem unclear to me. Please suggest

It was really painful experience of support we are getting with the paid service from vimeo, their documention for specific or popular use-cases are super unclear. I did manage to implement my use case though not sure that whether it is the best practice or not. I will describe the the experience as details possible :

1. We moved from Vimeo Plus to Vimeo Pro account (As noone can even get the access of vimeo GET api or video file access from from api without Pro account which is must)
2. for our Website use-case we have hidden the private video from vimeo and only allowed it to be embedded in our site (though if anyone check the network he can use the the server responded html with limited time token anywhere for short time)
3. for Android use-case as it is browserless we followed https://github.com/vimeo/vimeo-networking-java and used hardcoded access-token for that and played in exoplayer (as I will have to encrypt it later or I have to r&d more for dynamically get access token for limited time when playing video using Oauth. But the problem is the documentation is super unclear which didn't even properly illustrate the life span of different tokens just said it depends on the way of creating or scope)

Coding :

confBuilder = new Configuration.Builder(accessToken);
// this access token has public+private+video file access created in the vimeo account manually
configuration = confBuilder.build();
VimeoClient.initialize(configuration);

VimeoClient.getInstance().fetchContent(url, CacheControl.FORCE_NETWORK, new ModelCallback<Video>(Video.class){
        //here url should be like "videos/{video_id}" otherwise it wasn't working whatever the url was
        @Override
        public void success(Video video) {
            //progressBar.setVisibility(View.GONE);
            if(video != null){
                Play play = video.getPlay();
                if (play != null) {
                    
                    //in my case "play" was null, but here I should get the direct link to varioud resolution files

                    VideoFile dashFile = play.getDashVideoFile();
                    String dashLink = dashFile.getLink();
                    // load link

                    VideoFile hlsFile = play.getHlsVideoFile();
                    String hlsLink = hlsFile.getLink();
                    // load link

                    ArrayList<VideoFile> progressiveFiles = play.getProgressiveVideoFiles();
                    String linkToMp4File = progressiveFiles.get(0).getLink();
                    //loadVideo();

                }
                
                //I got the link from here
                ArrayList<VideoFile> videoFiles = video.files;
                if(videoFiles != null && !videoFiles.isEmpty()) {
                    VideoFile videoFile = videoFiles.get(0); // you could sort these files by size, fps, width/height
                    String link = videoFile.getLink();
                    finalLink = link;

                    // load link
                    RunExoplayerPlayerWithThisLink();
                    // but this is http link which will redirect to https link which u have to handle in exoplayer
                }

            }
        }

        @Override
        public void failure(VimeoError error) {
            progressBar.setVisibility(View.GONE);
            Toast.makeText(getApplicationContext(), error.getMessage(), Toast.LENGTH_SHORT).show();
        }
    });

Now I have to handle Http to Https redict link in exoplayer which is restricted in exoplayer by default. so you have to set "allowCrossProtocolRedirects" to "true" in DefaultHttpDataSourceFactory which will be needed in MediaSource while playing video in exoplayer :

DefaultHttpDataSourceFactory factory;
ExtractorsFactory extractorsFactory;
MediaSource mediaSource;

factory = new DefaultHttpDataSourceFactory("exoplayer_video",null, DefaultHttpDataSource.DEFAULT_CONNECT_TIMEOUT_MILLIS,DefaultHttpDataSource.DEFAULT_READ_TIMEOUT_MILLIS,true);
extractorsFactory = new DefaultExtractorsFactory();
mediaSource = new ExtractorMediaSource(videoUri, factory, extractorsFactory,null,null);

Give me any suggestion in this topic if you think that the way could be better specially regarding access_token.specific user access implementation, I think cannot be fully possible. I just can send the link after authentication or checking user access from backend.

But there is still an issue regarding Android 10 platform (api 29) which doesn't allow some method used in the current version of the Vimeo Networking library regarding "sslSocketFactory" (Caused by: java.lang.IllegalStateException: Unable to extract the trust manager on Android10Platform, sslSocketFactory is class com.android.org.conscrypt.OpenSSLSocketFactoryImpl) which I asked (solved) in another post (Vimeo Networking Library Crash for Android 10 platform (api29))