- 17 Jan 2024
- Drucken
User authentication
- Aktualisiert am 17 Jan 2024
- Drucken
Different users and authentications
This section describes three different ways to authenticate:
anonymous users
logged-in users (client-side)
logged-in users (server-side)
Authenticating with the movingimage REST API
There are three primary methods for authenticating with the movingimage REST API: Resource Owner Password Credentials, Logged-in Users (Client-side), and Logged-in Users (Server-side).
Anonymous users
This method is the simplest way to authenticate. To acquire access and refresh tokens, use the "token-endpoint" (refer to the Endpoint Discovery chapter). Utilize the following data for your request:
client_id: Set to "anonymous"
grant_type: Set to "password"
response_type: Set to "token"
scope: Set to "openid"
username: Username of the VideoManager Pro account to be accessed
password: Password of the VideoManager Pro account to be accessed
Example Request
curl -X POST -H 'Content-Type: application/x-www-form-urlencoded' -d '
client_id=anonymous&
grant_type=password&
response_type=token&
scope=openid&
username=<---USERNAME--->&
password=<---PASSWORD--->'
https://login.movingimage.com/auth/realms/platform/protocol/openid-connect/token
Logged-in Users (Client-side)
This scenario requires a unique client ID, client secret, and redirect URI to be set up with movingimage in advance. Contact movingimage Professional Services for further assistance.
This approach involves redirecting the user to the authorization server's login page to authenticate. The authorization server will then redirect the user back to your application with an authorization code. Use this code to exchange for access and refresh tokens.
Example Authorization Code Request:
https://login.movingimage.com/auth/realms/platform/protocol/openid-connect/auth?
client_id=<---CLIENT_ID--->&
redirect_uri=<---REDIRECT_URI--->&
response_mode=query&
response_type=code&
scope=openid&
state=<---RANDOM_STRING--->
Example Access Token Request:
curl -X POST -H 'Content-Type: application/x-www-form-urlencoded' -d '
grant_type=authorization_code&
client_id=<---CLIENT_ID--->&
client_secret=<---CLIENT_SECRET--->&
code=<---AUTHORIZATION_CODE--->&
redirect_uri=<---REDIRECT_URI--->'
https://login.movingimage.com/auth/realms/platform/protocol/openid-connect/token
This approach is similar to the client-side method, but instead of redirecting the user to the authorization server's login page, the server makes the necessary requests to obtain the access and refresh tokens.
Using Access Tokens
Once you have a valid access token, you must include it in the Authorization header of each request to the movingimage REST API.
Example Access Token Usage:
curl -X GET -H "Authorization: Bearer <ACCESS_TOKEN>" https://api.video-cdn.net/v1/vms
Refreshing Access Tokens
Access tokens expire after a short period, but you can maintain uninterrupted access by using the refresh token to obtain a new access token when the current one expires.
Example Refresh Token Request:
curl -X POST -H 'Content-Type: application/x-www-form-urlencoded' -d '
grant_type=refresh_token&
response_type=token&
client_id=<---CLIENT_ID--->&
client_secret=<---CLIENT_SECRET--->&
refresh_token=<---REFRESH_TOKEN--->&
scope=openid'
https://login.movingimage.com/auth/realms/platform/protocol/openid-connect/token
Store your access and refresh tokens securely, since they grant access to your VideoManager Pro account.