/
Authentication

Authentication

Oct 02, 2019

Introduction

The AminoTV API currently has three authentication schemes:

NamePurposePersistenceAuth Mechanism
Management APITo protect the endpoints that customer BSS integration usesN/AIP restriction
Client APIGeneral purpose API calls made by clients on behalf of usersCookie persisted serverĀ  sessionHTTP Digest
ServiceA layer of security that identifies the client itselfCookie persisted serverĀ  sessionHTTP Digest

Authenticating to the management API

The management API is intended for use exclusively by our customer's business support services and is never made available to general user clients.

We accomplish this by whitelisting the IP address (or addresses) that the customer will make their BSS integration calls from.

There are no further authentication requirements for management API endpoints.


Example client implementations

Java

Our upcoming AndroidTV SDK has support for logging in and managing service authentication.

Sample Java code
sdk.user().login("userName", "password")
    .subscribeOn(Schedulers.io())
    .observeOn(AndroidSchedulers.mainThread())
    .subscribe(
        response -> Toast.makeText(this, "Login successful", Toast.LENGTH_LONG).show(),
        t -> Log.e(TAG, "Failed to login", t)));

Javascript

The official AminoTV SDK has support for logging in and managing service authentication.

Please see the documentation at https://hybridteam.aminocom.com/sdk/api/modules/user/login

Sample Javascript code
sdk.user.login('me@example.com', '12345678')
  .then(() => {
    // Login successful
  })
  .catch(error => {
    // Login failed
  });

Getting a cookie for manual testing with Postman or similar

  1. Use your web-browser to log in normally.
  2. Use the developer inspect tools to look at the headers sent to an API call.
  3. Copy the cookie that your browser sends (see image)
  4. Include that header in your test request too