OAuth2 App Registration

An Overview

Flex Media Platform allows external applications and services to make use of the Flex Media Platform APIs. Access to these APIs is authenticated using OAuth2 access tokens. Each time an external application or service wishes to access the Flex Media Platform APIs, a valid access token must be generated.

To obtain an access token, the application or service must be registered with the Flex Authentication service. Once an application has been registered, a client secret and client ID is provided so that a valid access token can be generated each time.

Note: You only need to register an application once.

Registering an Application with the Authentication Service

To register an application, you must use the /applications endpoint. The details for this can be found below.

To access the /applications API, you need a special key called an application-registration-key. You can find this in consul here: flex/shared/authentication/oAuth/appRegistrationKey

This key is provided to the API through the X-App-Registration-Key header. Please ask your system administrator for this app registration key.

Example:

api/authentication/applications/ (GET)

Header:

X-App-Registration-Key: oVWbQX4kJuez9qrAw9Gl6J45DqCAxfQPNUoNVnI9H7LHKLd6
Note: Every /applications request must contain this header.

Registering Each Application

To register an application with the Authentication service, use the following endpoint:

/api/authentication/applications (POST)

Header:

X-App-Registration-Key: oVWbQX4kJuez9qrAw9Gl6J45DqCAxfQPNUoNVnI9H7LHKLd6
Table 1.
Field Data Type Mandatory Description
applicationName String Yes The name of the application that is being registered with the Authentication service.
description Strimg Yes This is the description for the application.

Example body:

      {
	applicationName: <name_of_the_application>,
	description: <description_of_the_application>
      }

Example response:

        {
        id: 1,
        clientId: “132ef0db-336a-436b-a2f2-ee5c49e1b964”,
        clientSecret: “dfjgfdhgjdfgkdffjkdsfsdf”,
        applicationName: “Reviewer”,
        description: “Tool to review media”
        }
    

Updating the Description of an Application

To update the details of an application that is registered with the Authentication service, use the following endpoint:

/api/authentication/applications/{applicationId}
(PUT)

Header:

X-App-Registration-Key: oVWbQX4kJuez9qrAw9Gl6J45DqCAxfQPNUoNVnI9H7LHKLd6 X-App-Registration-Key: oVWbQX4kJuez9qrAw9Gl6J45DqCAxfQPNUoNVnI9H7LHKLd6
Table 2.
Field Data Type Mandatory Description
applicationName String Yes The name of the application that is being registered with the Authentication service.
description Strimg Yes This is the description for the application.

Example body:

{
	applicationName: <name_of_the_application>,
	description: <description_of_the_application>
}  

Example body

{ id:1, clientId: “132ef0db-336a-436b-a2f2-ee5c49e1b964”, clientSecret: “dfjgfdhgjdfgkdffjkdsfsdf” }

Retrieving Single Application Details

To retrieve the details of an application that is already registered with the Authentication service, use the following endpoint:

/api/authentication/applications/{applicationId} (GET)

Header:

X-App-Registration-Key: oVWbQX4kJuez9qrAw9Gl6J45DqCAxfQPNUoNVnI9H7LHKLd6

Example response:

{
		id: 1,
		applicationName:<name_of_application>,
		description: <description_of_the_aplication>,
		clientId:“132ef0db-336a-436b-a2f2-ee5c49e1b964”,
		secret:“dfjgfdhgjdfgkdffjkdsfsdf”
}
  

Delete Single Application Details

This endpoint deletes the details for an application that has been registered with the Authentication service. When you use this endpoint, you are unregistering the application.

/api/authentication/applications/{applicationId} (DELETE)

Header:

X-App-Registration-Key: oVWbQX4kJuez9qrAw9Gl6J45DqCAxfQPNUoNVnI9H7LHKLd6
Note: Once you delete this application (unregister the application) you will no longer be able to obtain OAuth access tokens using the client ID and client secret for that application.

Obtaining a Authorisation Token

To obtain a token, use the /oauth/token?grant_type=client_credentials (GET) request.

You must use Basic Authentication. In the Username field, enter the client ID and in the Password field, enter the client secret.

When you have done this, copy the token from the response.

Example:

        {
        "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzY29wZSI6WyJjbGllbnRfY3JlZGVudGlhbHNfZGVmYXVsdF9zY29wZSJdLCJleHAiOjE1MzcyODQ5NzIsImp0aSI6IjJhZDZmZDU1LTZiOWYtNDc1Yi1iMWVhLTg3YzdmOWFjYmRjYyIsImNsaWVudF9pZCI6IjkwZWU3NTQ3LTc3M2YtNDA3Zi1iNmI4LTA1ZjY0NDFjMjk5OSJ9.hWS8wmnMwtVQrcgjlabNDmt2mLnCgGcOGsO7jmOBAxI",
        "token_type": "bearer",
        "expires_in": 3599,
        "scope": "client_credentials_default_scope",
        "jti": "2ad6fd55-6b9f-475b-b1ea-87c7f9acbdcc"
        }
    

Using the Authorisation Token

The OAuth2 access token that is generated must be used as an authorisation bearer token.

In the API tool of your choice (such as Postman), select “Bearer Token” as the method of authorisation. Then enter the OAuth access token you have generated.

Specify a header as: “actAsUserId. By specifying the ID of a user, this header enables you to authenticate on behalf of that user.

Note: A token expires after one hour. When a token expires, you must obtain another one using your client ID and secret.
https://help.ooyala.com/sites/all/libraries/dita/en/media-logistics/flex/user/70/oauth2_app_registration.html

Was this article helpful?