Secure nginx multicast server

So I figured out how to configure the nginx rtmp module for a self hosted restream solution but I haven’t figured out if I can set a stream key to prevent anyone from being able to stream to my multicast server.

here’s my nginx.conf

rtmp {
        server {
                # Im using 1936 since the usual rtmp port (1935) is used by another application
                listen 1936;
                chunk_size 4096;

                application live {
                        live on;
                        record off;
			push rtmp://url.domain/live/key
                }
        }
}

I’m not seeing anything obvious in here, maybe Im looking at the wrong place?

update:
ok I think Im onto something here, I can define an application and use on_publish to check against the application. The issue is how does one define an application in nginx??? more reading required.