Versions Compared

Old Version 9

changes.mady.by.user Rachel Stiles

Saved on

compared with

New Version Current

changes.mady.by.user Rachel Stiles

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Added scope to response

This is the simplest way to authenticate. You can use the "token-endpoint" (see the Endpoint Discovery chapter) to get the access and refresh tokens. Use the following data for your request:

  • client_id - set this to "anonymous"
  • grant_type - set this to "password"
  • response_type - set this to "token"
  • scope - set this to "openid"
  • username - the username of the VideoManager Pro account to be accessed
  • password - the password of the VideoManager Pro account to be accessed

Example Request:

Code Block
languagetext
curl -X POST -H 'Content-Type: application/x-www-form-urlencoded' -d
    'client_id=anonymous&
    grant_type=password&
    response_type=token&
    scope=openid&
    username=<---USERNAME--->&
    password=<---PASSWORD--->'
https://login.movingimage.com/auth/realms/platform/protocol/openid-connect/token

If successful, this request will produce a response similar to the following:

Code Block
languagetext
{
    "access_token": "<----ACCESS_TOKEN---->",
    "expires_in":300,
    "refresh_expires_in":3600,
    "refresh_token":"<----REFRESH_TOKEN---->",
    "token_type":"bearer",
    "id_token":"<----ID_TOKEN---->",
    "not-before-policy":0,
    "session_state":"b2e84e67-f61e-4193-88d8-5846a0b76178"
    "scope": "openid profile email"
}
Info

Note the "expires_in" and "refresh_expires_in" values. These give the timeframe (in seconds) during which the access and refresh tokens are valid, respectively. The access token's timeframe will be short, making the refresh token necessary (as demonstrated below under the "Use the Refresh Token" heading).


With the access and refresh tokens, it is now possible to use them to authorize the user to access resources from the API.

Anchor
access-token
access-token

Use the Access Token

Once you have a valid access token, you must include it in the header of each request to the movingimage REST API. The following uses the "Get VideoManagers" method to demonstrate this:

Code Block
languagetext
curl -X GET -H "Authorization: Bearer <ACCESS_TOKEN>" https://api.video-cdn.net/v1/vms

Anchor
refresh-token
refresh-token

Use the Refresh Token

The access token will expire after a short time, but it is possible to maintain uninterrupted access. After the access token expires, you can use the refresh token to get a new one. You will also get a new refresh token and the expiration time for the tokens will restart. Refreshing the tokens is possible until the latest refresh token expires. If both tokens expire without refreshing, the session will end and you will need to authenticate again.


Perform the following POST request (again using the discovered token endpoint) to refresh the tokens:
  • Use the following data for your request:

    • grant_type - this must be "refresh_token"

    • client_id - this must be "anonymous"
    • refresh_token - the refresh token

  • Example Request:

    Code Block
    languagetext
    curl -X POST -H 'Content-Type: application/x-www-form-urlencoded' -d '
    grant_type=refresh_token&
    client_id=anonymous&
    refresh_token=<----REFRESH_TOKEN---->'
https://login.movingimage.com/auth/realms/platform/protocol/openid-connect/token

The response data will be formatted just as it was the first time the token endpoint was used. It will contain new access and refresh tokens to use until the next time the access token expires.