Skip to end of banner
Go to start of banner

Authentication

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this content. View the current version.

Compare with Current View Version History

« Previous Version 16 Current »

Introduction

The AminoTV API currently has three authentication schemes:

NamePurposePersistenceAuth Mechanism
Management APITo protect the endpoints that customer BSS integration usesN/AIP restriction
Client APIGeneral purpose API calls made by clients on behalf of usersCookie persisted server  sessionHTTP Digest
ServiceA layer of security that identifies the client itselfCookie persisted server  sessionHTTP Digest

Authenticating to the management API

The management API is intended for use exclusively by our customer's business support services and is never made available to general user clients.

We accomplish this by whitelisting the IP address (or addresses) that the customer will make their BSS integration calls from.

There are no further authentication requirements for management API endpoints.


Example client implementations

Java

Our upcoming AndroidTV SDK has support for logging in and managing service authentication.

Sample Java code
sdk.user().login("userName", "password")
    .subscribeOn(Schedulers.io())
    .observeOn(AndroidSchedulers.mainThread())
    .subscribe(
        response -> Toast.makeText(this, "Login successful", Toast.LENGTH_LONG).show(),
        t -> Log.e(TAG, "Failed to login", t)));

Javascript

The official AminoTV SDK has support for logging in and managing service authentication.

Please see the documentation at https://hybridteam.aminocom.com/sdk/api/modules/user/login

Sample Javascript code
sdk.user.login('me@example.com', '12345678')
  .then(() => {
    // Login successful
  })
  .catch(error => {
    // Login failed
  });

Getting a cookie for manual testing with Postman or similar

  1. Use your web-browser to log in normally.
  2. Use the developer inspect tools to look at the headers sent to an API call.
  3. Copy the cookie that your browser sends (see image)
  4. Include that header in your test request too

Authentication Using Access Token

  • A User can be authenticated by using our access token, client should first get the access token using our login end point. See Login and authentication#/User%20Authentication/loginUser
  • The client uses this API provided above to authenticate with the service and retrieve session parameters and access tokens used for authenticating with APIs. A logged in client may call this API to retrieve tokens without supplying the authorization parameters. 
  • All new AminoTV APIs only support token auth. Some users are logged in by cookie, for such cases access tokens can be obtained by cookie - token exchange process,  See https://confluence.aminocom.com/display/MAPI/Cookie-token+exchange for the process. 




  • No labels