Versions Compared

Version Old Version 15 New Version 16
Changes made by

Andy Beak

Sandesh Melkote Shivashankar

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Introduction

The AminoTV API currently has three authentication schemes:

NamePurposePersistenceAuth Mechanism
Management APITo protect the endpoints that customer BSS integration usesN/AIP restriction
Client APIGeneral purpose API calls made by clients on behalf of usersCookie persisted server  sessionHTTP Digest
ServiceA layer of security that identifies the client itselfCookie persisted server  sessionHTTP Digest

Table of Contents

Authenticating to the management API

The management API is intended for use exclusively by our customer's business support services and is never made available to general user clients.

We accomplish this by whitelisting the IP address (or addresses) that the customer will make their BSS integration calls from.

There are no further authentication requirements for management API endpoints.


Example client implementations

Java

Our upcoming AndroidTV SDK has support for logging in and managing service authentication.

Code Block
languagejava
themeDJango
titleSample Java code
sdk.user().login("userName", "password")
    .subscribeOn(Schedulers.io())
    .observeOn(AndroidSchedulers.mainThread())
    .subscribe(
        response -> Toast.makeText(this, "Login successful", Toast.LENGTH_LONG).show(),
        t -> Log.e(TAG, "Failed to login", t)));

Javascript

The official AminoTV SDK has support for logging in and managing service authentication.

Please see the documentation at https://hybridteam.aminocom.com/sdk/api/modules/user/login

Code Block
languagejs
themeDJango
titleSample Javascript code
sdk.user.login('me@example.com', '12345678')
  .then(() => {
    // Login successful
  })
  .catch(error => {
    // Login failed
  });

Getting a cookie for manual testing with Postman or similar

  1. Use your web-browser to log in normally.
  2. Use the developer inspect tools to look at the headers sent to an API call.
  3. Copy the cookie that your browser sends (see image)
  4. Include that header in your test request too

Authentication Using Access Token

  • A User can be authenticated by using our access token, client should first get the access token using our login end point. See Login and authentication#/User%20Authentication/loginUser
  • The client uses this API provided above to authenticate with the service and retrieve session parameters and access tokens used for authenticating with APIs. A logged in client may call this API to retrieve tokens without supplying the authorization parameters. 
  • All new AminoTV APIs only support token auth. Some users are logged in by cookie, for such cases access tokens can be obtained by cookie - token exchange process,  See https://confluence.aminocom.com/display/MAPI/Cookie-token+exchange for the process.