This is the simplest way to authenticate. You can use the "token-endpoint" (see the Endpoint Discovery chapter) to get the access and refresh tokens. Use the following data for your request:
- client_id - set this to "anonymous"
- grant_type - set this to "password"
- response_type - set this to "token"
- scope - set this to "openid"
- username - the username of the VideoManager Pro account to be accessed
- password - the password of the VideoManager Pro account to be accessed
Example Request:
curl -X POST -H 'Content-Type: application/x-www-form-urlencoded' -d 'client_id=anonymous& grant_type=password& response_type=token& scope=openid& username=<---USERNAME--->& password=<---PASSWORD--->' https://login.movingimage.com/auth/realms/platform/protocol/openid-connect/token
If successful, this request will produce a response similar to the following:
{ "access_token": "<----ACCESS_TOKEN---->", "expires_in":300, "refresh_expires_in":3600, "refresh_token":"<----REFRESH_TOKEN---->", "token_type":"bearer", "id_token":"<----ID_TOKEN---->", "not-before-policy":0, "session_state":"b2e84e67-f61e-4193-88d8-5846a0b76178" "scope": "openid profile email" }
Note the "expires_in" and "refresh_expires_in" values. These give the timeframe (in seconds) during which the access and refresh tokens are valid, respectively. The access token's timeframe will be short, making the refresh token necessary (as demonstrated below under the "Use the Refresh Token" heading).
With the access and refresh tokens, it is now possible to use them to authorize the user to access resources from the API.
Use the Access Token
Once you have a valid access token, you must include it in the header of each request to the movingimage REST API. The following uses the "Get VideoManagers" method to demonstrate this:
curl -X GET -H "Authorization: Bearer <ACCESS_TOKEN>" https://api.video-cdn.net/v1/vms
Use the Refresh Token
The access token will expire after a short time, but it is possible to maintain uninterrupted access. After the access token expires, you can use the refresh token to get a new one. You will also get a new refresh token and the expiration time for the tokens will restart. Refreshing the tokens is possible until the latest refresh token expires. If both tokens expire without refreshing, the session will end and you will need to authenticate again.
- Use the following data for your request:
grant_type - this must be "refresh_token"
- client_id - this must be "anonymous"
- refresh_token - the refresh token
Example Request:
curl -X POST -H 'Content-Type: application/x-www-form-urlencoded' -d ' grant_type=refresh_token& client_id=anonymous& refresh_token=<----REFRESH_TOKEN---->' https://login.movingimage.com/auth/realms/platform/protocol/openid-connect/token
The response data will be formatted just as it was the first time the token endpoint was used. It will contain new access and refresh tokens to use until the next time the access token expires.