Authentication - Straas/Straas-web-document GitHub Wiki

To make authenticated calls to StraaS APIs, you will retrieve client_id and client_secret by creating an application in StraaS CMS. Once you obtain secrets, you can start to make authenticated requests. StraaS APIs use token-based authentication. The BEARER token should be provided in an Authorization header for all API calls.

Create an application

Before using any APIs, you should create applications in the StraaS CMS application settings page.

There are several types of applications used in different application roles.

Server application represents an account role and is able to generate an application token which owns access permissions of app APIs. It is usually used in your server side.

Mobile application is used in mobile SDK for both Android and iOS. It allows SDK to grant access to StraaS service. If your requirements involve a member system (i.e. your client is a logging user instead of a guest), you can create a member token for your member to retrieval more powerful functions such as broadcasting.

Browser application is used in web SDK. Currently, a new browser application is created automatically when the SDK is executed under a new domain name. You may create it yourself to limit the domain access in the future.

After creating a server application, you will obtain a client_id and a client_secret. The following sessions will show you how to get an application token with client_id and client_secret.

For mobile app developers, please refer to Android authentication and iOS authentication to learn how to create a mobile application for credential settings and also learn how to integrate StraaS SDK into your mobile app.

Access tokens

There are two kinds of access tokens, app tokens and member tokens, indicating different roles and privileges.

Application token grants access to app APIs, which are used to access the assets including videos, playlists, monetization settings and the member’s data under a specific StraaS account. Most actions can be achieved by app APIs.

Member token represents the privileges of a StraaS login user who is also in your member system. StraaS members can access their own assets such as a paid video or a public playlist with member tokens by StraaS SDK.

NOTE that for security reason, each token will be expired 24 hours after created. Please implement the related cache to improve the performance

Get an application token

To get an application token, you should get the client_id and the client_secret from an application which is explained above.

Send a POST request to create app token API to get a valid access token:

curl -X POST --header 'Content-Type: application/json' \
--header 'Accept: application/json' \
-d '{"client_id":"<YOUR_CLIENT_ID>","client_secret":"<YOUR_CLIENT_SECRET>"}' \
'https://app.straas.net/api/v1/app/token'

A success response will look like this:

{
  "token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJhcHBfaWQiOjg4MywiZXhwIjoxNDY4NTcyNDMyfQ.mfSXrlBtGLckF3X3Ig5sCH-wX2-9grOpXw0BOsM_PWs"
}

Get a member token

To get a member token, you need to get an application token and create a StraaS member first (How to create a StraaS member?).

Send a POST request to create member token API to get a member token for your client:

curl -X POST -H 'Accept: application/json' \
-H "Authorization: Bearer <YOUR_APP_TOKEN>" \
-H "Content-Length: 0" \
"https://app.straas.net/api/v1/app/members/<MEMBER_ID>/token"

The <YOUR_APP_TOKEN> is the app token that you get from create app token API.
The <MEMBER_ID> is your member's id that you passed to the API when create a new member.

A success response will look like this:

{
  "token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJhcHBfaWQiOjEsImV4cCI6MTQ2NzM0OTMyOX0.5tVqlHFU5ZooFlgNWyNTz5ZfVLV8veDjYqBtGb3HnAI"
}

Make authenticated API requests

Once you get the token, you can add the following header to your request to make an authenticated request: Authorization: Bearer <YOUR_TOKEN>. The <YOUR_TOKEN> is the value of the app token(for app APIs).

Example:

curl -X GET -H "Accept: application/json" \
-H "Authorization: Bearer <YOUR_TOKEN>" \
"https://app.straas.net/api/v1/app/videos?page=1&per_page=10"
⚠️ **GitHub.com Fallback** ⚠️