Introduction
User profiles allow a single household account to be shared between several members of that household. Each user can have their own profile with their own settings and recordings.
User profiles can be marked as belonging to a child, in which case it will never be allowed to watch adult content. Note that this restriction cannot be lifted by providing the account PIN code, only adult profiles can be unlocked to display adult content.
Overview of endpoints
We track user profiles using the following entity. Our API endpoints expose the entity.
| Entity | Purpose |
|---|---|
| UserProfile | This stores information about profiles of an account. |
| Table of Contents |
|---|
Sequence diagram
| Drawio | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
The sequence for using an existing profile is as follows:
- The user logs into the account as normal
- The authorised user is marked as default user profile by default.
- The client retrieves a list of existing profiles and displays this to the user for selection
- The user selects a profile
- The client swaps the account authentication token for a profile authentication token
- All further calls to the API are authenticated with the profile authentication token
The sequence for creating a new profile is as follows:
- The user logs into the account as normal
- The authorised user is marked as default user profile by default.
- The client retrieves a list of existing profiles and displays this to the user for selection
- The user chooses to make a new profile
- The client POSTs to the profile endpoint to create the profile
- The client swaps the account authentication token for a profile authentication token
- All further calls to the API are authenticated with the profile authentication token
Filtering content
It is the responsibility of the client to know whether the user is logged in using a child profile or not. You will be able to tell from examining the "is_child_profile" key of the list that you obtain in the section below titled "Obtaining a list of profiles".
When the user is logged in as a child profile you should remove any adult content from display:
- Remove any channels from the EPG that have the 'is_adult_rated' flag set to 1
- Programs have an identical rating system and you should also remove them from the EPG listing and avoid showing a details page of their content
Additionally,
- Before allowing a stream to be played or marked for recording you should also check that the associated program is safe for children
Logging in
Authentication is done at an account level; All users will log in with the same account details and then subsequently choose the profile that they want to use for their session or they are automatically selected as default profile.
| Tip | ||
|---|---|---|
| ||
There is no additional PIN or other authentication required in order to use an adult profile. |
The expected user journey is:
- Log in with the account details
- Be presented with a list of available profiles
- Either create a new profile or select one of the profiles in the list
| Warning |
|---|
Although the client is able to read the JWT token this is discouraged as the claim format may change without notice. |
Use cases
Each account can have multiple profiles
It is possible that each account have multiple profiles but they should have different profile names.
GET api/users/v1/users/{user_id}/user_profiles
By calling the above API, it will returns list of profiles of that user
| Code Block | ||||||||
|---|---|---|---|---|---|---|---|---|
| ||||||||
{
"data": [
{
"type": "UserProfile",
"id": "84eb61a9-75d4-42c7-8c15-84c3d7776227",
"attributes": {
"name": "Dad",
"user_id": 42,
"is_child_profile": false,
"age_limit": 16,
"is_default": false
},
"links": {
"self": "https://demo.aminocom.com/api/users/v1/5b56765e-fa7b-45d2-8dee-2869ec736cc9/user_profiles/84eb61a9-75d4-42c7-8c15-84c3d7776227"
}
}
]
} |
User can create multiple profiles
An Authorised user can create multiple accounts as long as they have different names.
POST api/users/v1/users/{user_id}/user_profiles
By calling the above API, a profile belongs to that user will be created. Here is an example of a request body to create a profile.
| Code Block | ||||||||
|---|---|---|---|---|---|---|---|---|
| ||||||||
{
"name": "Dad",
"user_id": 42,
"is_child_profile": false,
"age_limit": 16,
"is_default": false
} |
And response body after the successful call.
| Code Block | ||||||||
|---|---|---|---|---|---|---|---|---|
| ||||||||
{
"data": [
{
"type": "UserProfile",
"id": "dc11a654-882d-47cb-a971-bb1fc6f0ffd8",
"attributes": {
"name": "Dad",
"user_id": 42,
"is_child_profile": false,
"age_limit": 16,
"is_default": false
},
"links": {
"self": "https://demo.aminocom.com/api/users/v1/5b56765e-fa7b-45d2-8dee-2869ec736cc9/user_profiles/dc11a654-882d-47cb-a971-bb1fc6f0ffd8"
}
}
]
} |
Profile can be set as Child profile
When the profile is created, user can set it as Child profile which contains specific things for children or limit them from sensitive channels or adult contents.
We can set it by set the property "is_child_profile": true in the request body of the following API
POST api/users/v1/users/{user_id}/user_profiles
By default there is one default profile created per account.
When an account is created, the default profile is created correspondingly. The default name of that profile is the account's first name or "Default" if the first name is empty.
User can update information of profiles belong to the account
It is possible to an authorised user can update information of profiles such as name, age limit for the profile, is a child profile or not, is a default profile or not by calling the following API
PATCH api/users/v1/users/{user_id}/user_profiles/{user_profile_id}
Here is an example of request body.
| Code Block | ||||||||
|---|---|---|---|---|---|---|---|---|
| ||||||||
{
"name": "Dad",
"is_child_profile": false,
"age_limit": 16,
"is_default": true
} |
Not all fields are required, just necessary fields are patched. For example, if user wants to update name of the profile, the request body requites field "name".
User can remove profiles which belong to the account
It is possible to an authorised user can remove profiles by calling the following API
DELETE api/users/v1/users/{user_id}/user_profiles/{user_profile_id}
At the initial user login, the default profile is returned automatically without asking the user to select
When user login, the response body includes "accessToken", "refreshToken" which can be decoded. Field "profile" in the decoded result will be the default profile and is used for actions of user.