/
Cookie-token exchange

Cookie-token exchange

Owned by Phi Le
Last updated: Jun 27, 2019

Introduction

All new AminoTV APIs only support token auth. Some users are logged in by cookie, and it is not necessary to login again to retrieve tokens.


How to do it

  • If the user logged in, the user will have a cookie like this:

  • To get token, the client calls the login api with the above cookie and included mandatory fields "ssid", "usid".
     When calling the API like this, no login parameters (such as the password) are necessary.

Example

  • The user login as usual and get the cookie

  • The user calls the login API with cookie like this to get the token
curl -X POST \
  'https://webui-staging.booxtv.fi/api/user/<email>/login?service=<serviceName>' \
  -H 'Cookie: ssid=56ebf089d750...; usid=ef7b1a4e64ca1...'
  • If it is successful, the user will get the response like this
{
    "userStat": {
        "maxAllowedSession": 1000,
        "currentSession": 2,
        "migrated": false,
        "configuration": 1,
        "emailSubscription": {
            "all": "email"
        },
        "premiumUser": false,
        "streamingOver3G": true,
        "accessToken": [
            "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJjb20uYW1pbm9jb20iLCJhdWQiOiJjb20uYW1pbm9jb20iLCJ0eXBlIjoiYWNjZXNzIiwianRpIjoiNDFRazVpSzMzRyIsImlhdCI6MTU2MDQ0NTE0MiwibmJmIjoxNTYwNDQ1MTQyLCJleHAiOjE1NjA0NDg3NDIsImRhdGEiOnsidXNlcklkIjoiMiIsInVzZXJfZW1haWwiOiJhdXRoX3VzZXJAZW1haWwuY29tIn0sInN1YiI6IjIifQ.Ij5sAjR-hLeT9TPJHqDNe1nGQS_2iFBNYT5NWWWoP74""
        ],
        "refreshToken": [
            "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJjb20uYW1pbm9jb20iLCJhdWQiOiJjb20uYW1pbm9jb20iLCJ0eXBlIjoicmVmcmVzaCIsImp0aSI6Ik5GaGhRSno4QlgiLCJpYXQiOjE1NjA0NDUxNDIsIm5iZiI6MTU2MDQ0NTE0MiwiZXhwIjoxNTYzMDM3MTQyLCJkYXRhIjp7InVzZXJJZCI6IjIiLCJ1c2VyX2VtYWlsIjoiYXV0aF91c2VyQGVtYWlsLmNvbSJ9LCJzdWIiOiIyIn0.7NNRoYHWuLpBh6MOVFsMO-dIi-zyfCinqWR1ytuadac",
            1564216027
        ]
    }
}