User Metadata | ÃÛ¶¹ÊÓÆµ Pass

Documentation ÃÛ¶¹ÊÓÆµ Pass ÃÛ¶¹ÊÓÆµ Pass Authentication

User Metadata user-metadata

Last update: Wed Mar 26 2025 00:00:00 GMT+0000 (Coordinated Universal Time)

Topics:
Authentication

IMPORTANT

The content on this page is provided for information purposes only. Usage of this API requires a current license from ÃÛ¶¹ÊÓÆµ. No unauthorized use is permitted.

User metadata refers to user-specific attributes (e.g., zip codes, parental ratings, user IDs, etc.) that are maintained by MVPDs and provided to Programmers through the ÃÛ¶¹ÊÓÆµ Pass Authentication REST API V2.

User metadata becomes available after the authentication flow completes, but certain metadata attributes may be updated during the authorization flow, depending on the MVPD and the specific metadata attribute in question.

User metadata can be used to enhance personalization for users, but might also be used for analytics. For example, a Programmer might use a userâ€™s zip code to deliver localized news or weather updates, or to enforce parental controls.

ÃÛ¶¹ÊÓÆµ Pass Authentication normalizes user metadata values when MVPDs provide data in different formats. Also, for certain attributes (e.g., zip code), the values can be encrypted using a Programmerâ€™s certificate.

ÃÛ¶¹ÊÓÆµ Pass Authentication enables Programmers to review the user metadata made available in their MVPD integrations and manage them through the .

User Metadata Attributes attributes

The following table lists some of the user metadata attributes that are made available to Programmers:

Key

Type

Sample

Requires encryption

Description

Details

userID

String

â€œ1´Ç7241±èâ€

Account identifier.

The attribute value can be a household identifier or a sub-account identifier. The userID value will differ from the householdID if the MVPD supports sub-accounts and the current user is not the primary account holder.

upstreamUserID

String

â€œ1´Ç7241±èâ€

Account identifier for concurrency monitoring.

The attribute value can be used to enforce concurrency limits across MVPD and Programmer sites and apps. The upstreamUserID value is the same as the userID value for most MVPDs.

householdID

String

â€œ1´Ç7241±èâ€

Account identifier for parental control.

The attribute value can be used to differentiate between household and sub-account usage. Sometimes it can be used as a parental control substitute if true ratings are not available, if the user was logged in with the household account, they can watch, otherwise, rated content would not be displayed. There is a lot of variation across MVPDs for how this is represented (e.g., household user ID, head of household ID, head of household flag, etc.), if the MVPD does not support sub-accounts, this will be identical to userID.

primaryOID

String

â€ÎÐ³Ü¾±»å»å1±ð19±ð³¦9-012³¦-124´Ú-²ú520-²¹³¦²¹´Ú118»å16²¹0â€

Account identifier.

The attribute is specific to AT&T. The primaryOID value is the same as the userID value when the typeID value is set to â€œP°ù¾±³¾²¹°ù²ââ€.

typeID

String

â€œP°ù¾±³¾²¹°ù²ââ€

Attribute that indicates if current user is a primary or secondary account holder.

The attribute is specific to AT&T. The primaryOID value is the same as the userID value when the typeID value is set to â€œP°ù¾±³¾²¹°ù²ââ€.

is_hoh

String

â€œ1â€

Attribute that indicates if current user is head of household or not.

The attribute is specific to Synacor.

hba_status

Boolean

â€œt°ù³Ü±ðâ€

Attribute that indicates if current user authenticated through HBA or not.

allowMirroring

Boolean

â€œt°ù³Ü±ðâ€

Attribute that indicates if current device can mirror screen or not.

The attribute is specific to Spectrum.

zip

Array

[â€œ77754â€, â€œ12345â€]

Yes

Userâ€™s zip code.

The attribute value can be used to deliver localized news, weather updates or sporting events. The zip value represents sensitive data that needs legal agreements with the MVPD. When encrypted, the representation of the zip key will be a String instead of an Array.

encryptedZip

String

â€œâ¶Ä

Yes

Userâ€™s encrypted zip code.

The attribute is specific to Comcast.

channelID

Array

[â€œchannel-1â€, â€œchannel-2â€]

List of channels the user is entitled to view.

The attribute value can be used to filter various channels from portals that aggregate multiple networks. Our recommendation is to use the Preauthorize API instead of this user metadata attribute to filter out channels that are not available to the user.

maxRating

Object

Maximum parental rating for the current user.

The attribute value can be used to filter content that is not suited for current user based on â€œMPAAâ€ or â€œVCHIPâ€ ratings.

language

String

â€œE²Ô²µ±ô¾±²õ³óâ€

Language settings.

The attribute value can be used to display messages in accordance to the userâ€™s language preferences.

The user metadata attributes made available to a Programmer depend on what an MVPD provides. The following table lists the attributes made available by various MVPDs:

Legal Agreement Signed (zip only)

User ID on AuthN

Upstream User ID on AuthN

Household ID on AuthN/Z

Primary OID on AuthN

Type ID on AuthN

Head of Household on AuthN

HBA Status

Allow Mirroring on AuthZ

Zip code on AuthN/Z

Channel ID on AuthN

Rating on AuthN/Z

Language

onNet

inHome

Notes

Formal Name

n/a

userID

upstreamUserID

householdID

primaryOID

typeID

is_hoh

hba_status

allowMirroring

zip

channelID

maxRating

language

onNet

inHome

Requires Encryption

n/a

Yes

Sensitive

n/a

Yes

ÃÛ¶¹ÊÓÆµ IdP

Yes

Yes (AuthN only)

Yes

Yes (AuthN only)

Yes

Yes (AuthN only)

Legal agreement not needed.

Synacor

Yes

Yes (AuthN only)

Yes

Yes (AuthN only)

Yes

Yes (AuthN only)

Legal agreement not covering all the proxied MVPDs. This is generic support for Synacor and possibly not rolled-up to all of their MVPDs.

Dish

Yes

Yes (AuthN only)

Yes

Yes (AuthN only)

It shares the same list as all Synacor MVPDs, plus upstreamUserID.

Comcast

Yes

Yes (AuthZ only)

Yes

Yes (AuthZ only)

AT&T

Yes

Yes (AuthN only)

Yes

Yes (AuthN only)

Legal agreement signed.

DTV

Yes

Yes (AuthN only)

COX

Yes

Yes (AuthN only)

Cablevision

Yes

Yes (AuthN only)

Yes

Legal agreement signed.

Spectrum

Yes

Yes (AuthN only)

Yes

Yes (AuthN only)

Charter

Yes

Yes (AuthN only)

Verizon

Yes

Yes (AuthN only)

HTC

Yes

Rogers

Yes

RCN

Yes

Yes (AuthN only)

Eastlink

Yes

Yes (AuthN only)

Yes

Yes (AuthN only)

Cogeco

Yes

Yes (AuthN only)

Videotron

Yes

Yes*

Yes (AuthN only)

It exposes householdID with the same value as userID.

Proxy Massilon

Yes

Yes (AuthN only)

Legal agreement signed.

Proxy Clearleap

Yes

Yes (AuthN only)

Yes (AuthZ only)

Yes

Legal agreement signed.

Proxy GLDS

Yes

Yes (AuthN only)

Other MVPDs

Yes

No legal agreement yet, sensitive metadata not available for Production. For all MVPDs the userID is available with no extra work.

IMPORTANT

Legal agreements must be signed with MVPDs before sensitive user metadata (e.g., zip code) is made available.

User Metadata Encryption encryption

To encrypt and decrypt user metadata attributes, the Programmer needs to generate a certificate (public/private key pair) and to self-configure the certificate through or to share the public key with ÃÛ¶¹ÊÓÆµ Pass Authentication representatives.

Follow the steps below to ensure that the certificate is generated and configured correctly:

Download and install the OpenSSL toolkit (http://www.openssl.org).

Generate a Certificate Signing Request (CSR):

Generate a key pair. On your command terminal run the following:

code language-bash
`openssl genrsa -des3 -out mycompany-license.key 2048`

Generate the CSR. On your command terminal run the following:

code language-bash
`openssl req -new -key mycompany-license.key -out mycompany-license.csr -batch`

You will be prompted to enter the password for the private key.

Create a back-up copy of your private key and password. Sample CSR:

code language-none

code language-none
-----BEGIN CERTIFICATE REQUEST----- MIIBnTCCAQYCAQAwXTELMAkGA1UEBhMCU0cxETAPBgNVBAoTCE0yQ3J5cHRvMRIw EAYDVQQDEwlsb2NhbGhvc3QxJzAlBgkqhkiG9w0BCQEWGGFkbWluQHNlcnZlci5l eGFtcGxlLmRvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAr1nYY1Qrll1r uB/FqlCRrr5nvupdIN+3wF7q915tvEQoc74bnu6b8IbbGRMhzdzmvQ4SzFfVEAuM MuTHeybPq5th7YDrTNizKKxOBnqE2KYuX9X22A1Kh49soJJFg6kPb9MUgiZBiMlv tb7K3CHfgw5WagWnLl8Lb+ccvKZZl+8CAwEAAaAAMA0GCSqGSIb3DQEBBAUAA4GB AHpoRp5YS55CZpy+wdigQEwjL/wSluvo+WjtpvP0YoBMJu4VMKeZi405R7o8oEwi PdlrrliKNknFmHKIaCKTLRcU59ScA6ADEIWUzqmUzP5Cs6jrSRo3NKfg1bd09D1K 9rsQkRc9Urv9mRBIsredGnYECNeRaK5R1yzpOowninXC -----END CERTIFICATE REQUEST-----

Send the CSR to a Certificate Authority (CA) (for example, Verisign).
The CA will send you the certificate in .p7b format (PKCS#7, Cryptographic Message Syntax Standard).

Deploy the .p7b certificate. Convert the PKCS#7 (.p7b) file to a PKCS#12 (PFX file, Personal Information Exchange Syntax Standard) using your private key, and generate the PEM file (concatenated certificate container file):

Convert PKCS#7 file to a temporary PEM file. On your command line run the following:

code language-none
`openssl pkcs7 -in mycompany-license.p7b -inform DER -out mycompany-license-temp.pem -outform PEM -print_certs`

Convert the temporary PEM file to a PFX file. On your command line run the following:

code language-none
`openssl pkcs12 -export -inkey mycompany-license.key -in mycompany-license-temp.pem -out mycompany-license.pfx -passin pass:private_key_password -passout pass:pfx_password`

Convert the temporary PEM file to a final PEM file. On your command line run the following:

code language-none
`openssl x509 -in mycompany-license-temp.pem -inform PEM -out mycompany-license.pem -outform PEM`

Use the PEM file to configure the certificate through or send the PEM file to the ÃÛ¶¹ÊÓÆµ Pass Authentication representatives.
- Refer to the next section for more details on how to manage certificates through the .
- ÃÛ¶¹ÊÓÆµ Pass Authentication supports both a primary and a backup certificate. If your primary certificate becomes compromised in any way, you can revoke it, and switch to the secondary certificate. This will ensure a smooth transition between certificates with minimal customer impact.

User Metadata Management management

IMPORTANT

In case you do not have access to the ÃÛ¶¹ÊÓÆµ Pass TVE Dashboard, create a ticket through our and ask your Technical Account Manager (TAM) to make the appropriate changes for you.

The ÃÛ¶¹ÊÓÆµ Pass TVE Dashboard is a tool for ÃÛ¶¹ÊÓÆµ Pass Authentication customers (Programmers) to manage their configuration and data. This self-service dashboard enables a range of functionalities that are described in the ÃÛ¶¹ÊÓÆµ Pass TVE Dashboard User Guide documentation.

To review and manage the user metadata attributes made available by an MVPD, follow the steps in the TVE Dashboard User Guide for Integrations documentation.

To review and manage the certificates used for encrypting user metadata attributes, follow the steps in the TVE Dashboard User Guide for Programmers or the TVE Dashboard User Guide for Channels documents.

REST API V2 rest-api-v2

The user metadata attributes can be retrieved using the following APIs:

Refer to the Response and Samples sections of the above APIs to understand the structure of the user metadata attributes.

IMPORTANT

User metadata becomes available after the authentication flow completes, therefore the client application does not need to query a separate endpoint to retrieve the user metadata information, as it is already included in the profile information.

For more details about how and when to integrate the above APIs, refer to the following documents:

Certain metadata attributes may be updated during the authorization flow, depending on the MVPD and the specific metadata attribute. As a result, the client application may need to query the above APIs again to retrieve the latest user metadata.

recommendation-more-help

3f5e655c-af63-48cc-9769-2b6803cc5f4b