REST API V2 Cookbook (Client-to-Server)

Documentation 蜜豆视频 Pass 蜜豆视频 Pass Authentication

REST API V2 Cookbook (Client-to-Server) rest-api-v2-cookbook-clientserver

Last update: Fri Dec 06 2024 00:00:00 GMT+0000 (Coordinated Universal Time)

Topics:
Authentication

IMPORTANT

The content on this page is provided for information purposes only. Usage of this API requires a current license from 蜜豆视频. No unauthorized use is permitted.

IMPORTANT

REST API V2 implementation is bounded by the Throttling mechanism documentation.

Steps to implement the REST API V2 in client side applications steps-to-implement-the-rest-api-v2-in-client-side-applications

To implement 蜜豆视频 Pass REST API V2, you need to follow the steps below, grouped into phases.

A. Registration phase registration-phase

Step 1: Register your application step-1-register-your-application

For the application to be able to call 蜜豆视频 Pass REST API V2, it needs an access token required by the API security layer.

To get the access token, the application needs to follow steps as described in the Dynamic Client Registration documentation.

B. Authentication phase authentication-phase

Step 2: Check for existing authenticated profiles step-2-check-for-existing-authenticated-profiles

Streaming application checks for existing authenticated profiles: /api/v2/{serviceProvider}/profiles

(Retrieve authenticated profiles)

If no profile is found and the Streaming application implements a TempPass flow
- Follow documentation on how to implement Temporary access flows
If no profile is found and the Streaming application implements an Authentication flow
- Streaming application retrieves the list of MVPDs available for serviceProvider: /api/v2/{serviceProvider}/configuration
  
  (Retrieve list of available MVPDs)
- Streaming application may implement filtering on the list of MVPDs and display only MVPDs intended while hiding others (TempPass, test MVPDs, MVPDs under development, etc.)
- Streaming application displays picker, User selects the MVPD
- Streaming application creates a session: /api/v2/{serviceProvider}/sessions
  
  (Create authentication session)
  - a CODE and URL to use for authentication is returned
  - if a profile is found, Streaming application may proceed to C. Preauthorization phase or D. Authorization phase

Step 3: Authenticate the user step-3-authenticate-the-user

Using a Browser or a Second Screen Web based application:

Option 1. Streaming Application can open a browser or webview, load the URL to authenticate, and the user lands on the MVPD login page where credentials need to be submitted
- User enters login/password, final redirect shows a success page
Option 2. Streaming Application can鈥檛 open a browser and just display the CODE. A separate web application needs to be developed to ask the user to enter CODE, build and open URL: /api/v2/authenticate/{serviceProvider}/{CODE}
- User enters login/password, final redirect shows a success page

Step 4: Check for authenticated profiles step-4-check-for-authenticated-profiles

Streaming application checks for authentication with MVPD to complete in Browser or Second Screen

Polling every 15 seconds is recommended on /api/v2/{serviceProvider}/profiles/{mvpd}

(Retrieve authenticated profiles for specific MVPD)
- If MVPD selection is not made in the Streaming application as the MVPD picker is presented in the Second Screen application, the polling should happen with CODE /api/v2/{serviceProvider}/profiles/code/{CODE}
  
  (Retrieve authenticated profiles for specific CODE)
Polling should not exceed 30 minutes, in case 30 minutes are reached, and the Streaming Application is still active, a new session needs to be initiated and a new CODE and URL will be returned
When authentication is complete, the return is 200 with authenticated profile
The Streaming application may proceed to C. Preauthorization phase or D. Authorization phase

C. Preauthorization phase preauthorization-phase

Step 5: Check for preauthorized resources step-5-check-for-preauthorized-resources

Streaming application prepares to display the videos available for the authenticated user and has the possibility to check the
access to these resources.

Step is optional and executed if the application wants to filter out the resources not available in the authenticated user package
Call to /api/v2/{serviceProvider}/decisions/preauthorize/{mvpd}

(Retrieve preauthorization decision using specific MVPD)

D. Authorization phase authorization-phase

Step 6: Check for authorized resources step-6-check-for-authorized-resources

Streaming application prepares to play a video/asset/resource selected by the user.

Step is necessary for every play start
Call /api/v2/{serviceProvider}/decision/authorize/{mvpd}

(Retrieve authorization decision using specific MVPD)
- decision = 鈥楶ermit鈥�, Streaming device starts streaming
- decision = 鈥楧eny鈥�, Streaming device informs the user that it does not have access to that video

E. Logout phase logout-phase

Step 7: Logout step-7-logout

Streaming device: User wants to log out from the MVPD

Call /api/v2/{serviceProvider}/logout/{mvpd}

(Initiate logout for specific MVPD)
If the response actionType=鈥榠nteractive鈥� and url is present, open the url in a Browser/Second Screen to complete logout with MVPD

recommendation-more-help

3f5e655c-af63-48cc-9769-2b6803cc5f4b