User authentication

Different users and authentications

This section describes three different ways to authenticate:

• anonymous users

• logged-in users (client-side)

• logged-in users (server-side)

Authenticating with the movingimage REST API

There are three primary methods for authenticating with the movingimage REST API: Resource Owner Password Credentials, Logged-in Users (Client-side), and Logged-in Users (Server-side).

Anonymous users

This method is the simplest way to authenticate. To acquire access and refresh tokens, use the "token-endpoint" (refer to the Endpoint Discovery chapter). Utilize the following data for your request:

• client_id: Set to "anonymous"

• grant_type: Set to "password"

• response_type: Set to "token"

• scope: Set to "openid"

• username: Username of the VideoManager Pro account to be accessed

• password: Password of the VideoManager Pro account to be accessed

Example Request

curl -X POST -H 'Content-Type: application/x-www-form-urlencoded' -d '
    client_id=anonymous&
    grant_type=password&
    response_type=token&
    scope=openid&
    username=<---USERNAME--->&
    password=<---PASSWORD--->'
https://login.movingimage.com/auth/realms/platform/protocol/openid-connect/token

{
    "access_token": "<----ACCESS_TOKEN---->",
    "expires_in":300,
    "refresh_expires_in":3600,
    "refresh_token":"<----REFRESH_TOKEN---->",
    "token_type":"bearer",
    "id_token":"<----ID_TOKEN---->",
    "not-before-policy":0,
    "session_state":"b2e84e67-f61e-4193-88d8-5846a0b76178"
    "scope": "openid profile email"
}

Logged-in Users (Client-side)

This scenario requires a unique client ID, client secret, and redirect URI to be set up with movingimage in advance. Contact movingimage Professional Services for further assistance.

This approach involves redirecting the user to the authorization server's login page to authenticate. The authorization server will then redirect the user back to your application with an authorization code. Use this code to exchange for access and refresh tokens.

Example Authorization Code Request:

https://login.movingimage.com/auth/realms/platform/protocol/openid-connect/auth?
    client_id=<---CLIENT_ID--->&
    redirect_uri=<---REDIRECT_URI--->&
    response_mode=query&
    response_type=code&
    scope=openid&
    state=<---RANDOM_STRING--->

Example Access Token Request:

curl -X POST -H 'Content-Type: application/x-www-form-urlencoded' -d '
    grant_type=authorization_code&
    client_id=<---CLIENT_ID--->&
    client_secret=<---CLIENT_SECRET--->&
    code=<---AUTHORIZATION_CODE--->&
    redirect_uri=<---REDIRECT_URI--->' 
https://login.movingimage.com/auth/realms/platform/protocol/openid-connect/token

This approach is similar to the client-side method, but instead of redirecting the user to the authorization server's login page, the server makes the necessary requests to obtain the access and refresh tokens.

Using Access Tokens

Once you have a valid access token, you must include it in the Authorization header of each request to the movingimage REST API.

Example Access Token Usage:

curl -X GET -H "Authorization: Bearer <ACCESS_TOKEN>" https://api.video-cdn.net/v1/vms

Refreshing Access Tokens

Access tokens expire after a short period, but you can maintain uninterrupted access by using the refresh token to obtain a new access token when the current one expires.

Example Refresh Token Request:

curl -X POST -H 'Content-Type: application/x-www-form-urlencoded' -d '
    grant_type=refresh_token&
    response_type=token&
    client_id=<---CLIENT_ID--->&
    client_secret=<---CLIENT_SECRET--->&
    refresh_token=<---REFRESH_TOKEN--->&
    scope=openid' 
https://login.movingimage.com/auth/realms/platform/protocol/openid-connect/token

Store your access and refresh tokens securely, since they grant access to your VideoManager Pro account.