ÃÛ¶¹ÊÓƵ

DocumentationÃÛ¶¹ÊÓƵ PassÃÛ¶¹ÊÓƵ Pass Authentication

(Legacy) REST API Reference rest-api-reference

Last update: Thu Jan 30 2025 00:00:00 GMT+0000 (Coordinated Universal Time)
NOTE
The content on this page is provided for information purposes only. Usage of this API requires a current license from ÃÛ¶¹ÊÓƵ. No unauthorized use is permitted.
IMPORTANT
Make sure you stay informed about the latest ÃÛ¶¹ÊÓƵ Pass Authentication product announcements and decommissioning timelines aggregated in the Product Announcements page.

Throttling mechanism

The ÃÛ¶¹ÊÓƵ Pass Authentication REST API is governed by a Throttling mechanism.

Response Formats response-formats

NOTE
The APIs provided in these services can return responses in either XML or JSON (for APIs that return a response). There are 3 different ways to specify the response format in the request:
  • Set HTTP Accept Header to application/xml or application/json.
  • In the request payload, specify the parameter format=xml or format=json.
  • Call the web service endpoint with extension .xml or .json. For example, /regcode.xml or /regcode.json
You can specify any ONE of the above methods. Specifying multiple methods with conflicting formats may result in errors or undesirable output.

REST API Endpoints clientless-endpoints

<REGGIE_FQDN>:

  • Production -
  • Staging -

<SP_FQDN>:

  • Production -
  • Staging -

Web Services Summary web_srvs_summary

The table below lists the available web services for the clientless approach. Click the web services endpoints for more information (sample request and response, input parameters, HTTP methods, etc.)

Sr
Web Service Endpoint
Description
.
Hosted At
Called By
1.
<REGGIE_FQDN>/reggie/v1/
{requestorId}/regcode
Returns randomly generated registration Code and login Page URI
2
ÃÛ¶¹ÊÓƵ
Reg Code Service
Smart Device
2.
<REGGIE_FQDN>/reggie/v1/
{requestorId}/regcode/
{registrationCode}
Returns registration code record containing registration code UUID, registration code, and hashed device ID
8
ÃÛ¶¹ÊÓƵ
Reg Code Service
ÃÛ¶¹ÊÓƵ Pass Authentication
3.
<SP_FQDN>/api/v1/config/
{requestorId}
Returns list of configured MVPDs for the requestor
5
ÃÛ¶¹ÊÓƵ
ÃÛ¶¹ÊÓƵ Pass
authentication
Service
Login
Web
App
4.
<SP_FQDN>/api/v1/authenticate
Initiates the AuthN process by informing MVPD selection event. Creates a record on authentication database, which is reconciled when a successful response is received from MVPD (Step 13)
7
ÃÛ¶¹ÊÓƵ
ÃÛ¶¹ÊÓƵ Pass
authentication
Service
Login
Web
App
5.
SAML Assertion Consumer
Existing SAML workflow between ÃÛ¶¹ÊÓƵ Pass Authentication and MVPD
13
ÃÛ¶¹ÊÓƵ Pass
authentication
Service
ÃÛ¶¹ÊÓƵ Pass Authentication
6.
<SP_FQDN>/api/v1/checkauthn/
{registrationCode}
The Login Web App can check if the attempted login flow was successful
ÃÛ¶¹ÊÓƵ Pass
authentication
Service
Login
Web
App
7.
<SP_FQDN>/api/v1/tokens/authn
Gets AuthN token related metadata
15
ÃÛ¶¹ÊÓƵ Pass
authentication
Service
Smart Device
8.
<REGGIE_FQDN>/reggie/v1/
{requestorId}/regcode/
{registrationCode}
Deletes the reg code record and releases the reg code for reuse
16
ÃÛ¶¹ÊÓƵ
Reg Code Service
ÃÛ¶¹ÊÓƵ Pass Authentication
9.
<SP_FQDN>/api/v1/authorize
Obtains authorization response.
17
ÃÛ¶¹ÊÓƵ Pass
authentication
Service
Smart Device
10.
<SP_FQDN>/api/v1/checkauthn
Indicates whether the device has an unexpired AuthN token.
ÃÛ¶¹ÊÓƵ Pass
authentication
Service
Smart Device
11.
<SP_FQDN>/api/v1/tokens/authn
Returns the AuthN token if found.
ÃÛ¶¹ÊÓƵ Pass
authentication
Service
Smart Device
12.
<SP_FQDN>/api/v1/tokens/authz
Returns the AuthZ token if found.
ÃÛ¶¹ÊÓƵ Pass
authentication
Service
Smart Device
13.
<SP_FQDN>/api/v1/tokens/media
Returns the Short Media Token if found - same as /api/v1/mediatoken
ÃÛ¶¹ÊÓƵ Pass
authentication
Service
Smart Device
14.
<SP_FQDN>/api/v1/mediatoken
Obtains Short Media Token
ÃÛ¶¹ÊÓƵ Pass
authentication
Service
Smart Device
15.
<SP_FQDN>/api/v1/preauthorize
Retrieves the list of preauthorized resource
ÃÛ¶¹ÊÓƵ Pass
authentication
Service
Smart Device
16.
<SP_FQDN>/api/v1/preauthorize/{code}
Retrieves the list of preauthorized resources
ÃÛ¶¹ÊÓƵ Pass
authentication
Service
Login Web App
17.
<SP_FQDN>/api/v1/logout
Remove AuthN and AuthZ tokens from storage
ÃÛ¶¹ÊÓƵ Pass
authentication
Service
Smart Device
18.
<SP_FQDN>/api/v1/tokens/usermetadata
Gets user metadata after authentication flow completes
N/A
N/A
Smart Device
19.
<SP_FQDN>/api/v1/authenticate/freepreview
Create an authentication token for Temp Pass or Promotional Temp Pass
N/A
ÃÛ¶¹ÊÓƵ Pass
authentication
Service
Smart Device

REST API Security security

All ÃÛ¶¹ÊÓƵ Pass Authentication REST APIs must be called using the HTTPS protocol for secure communication. In addition, most of the APIs called should contain an access token obtained as described in the Retrieve access token API documentation.

recommendation-more-help
3f5e655c-af63-48cc-9769-2b6803cc5f4b