Articles in this section

Web API Authentication

Avatar
Julien Villers
  • Updated
Follow

Introduction

To access the web API, you have two ways to authenticate requests:

  • IP Address: only machine(s) with given IP will have access to the API
  • User and key: you should retrieve a Token from the API with you user/key and then, pass the Token along all requests you do.

You can choose to use either or both, but at least one method must be selected.

Access token retrieval

You should issue a POST request to /Token endpoint, in form-urlencoded format

Request:

POST /Token HTTP/1.1
Content-Type: application/x-www-form-urlencoded
 
grant_type=password&username=john%40example.com&password=3cdbdda34160…

Parameters are:

  • grant_type: fixed string with ‘password’ value.
  • username: API user.
  • password: API key encrypted with given RSA public key. It should be in hex or base64 format.

The Multicam public key is also available in base64:

MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAynqY4P5mfcYttT840IgPtQxQXZNbHnYROPl5oU8wSiC3PepF/cjYNReva+4/5RZYSOR0ZqZmTZiJbxhdF7icmydIpi3IFFtfNZwXNyDT5176EOyuhtNjLehwqFupHJ+3VYTUzqZPEMXC1jVilfIGVKJEGLgz4d5UpYrqFiodyJ/JZ+Qj1hyJV0QHSm8V9fUz6RCXFiUMo4oDEakh78eQXSM+lM1FVkfGut42C1prpyouhkIMfsYA2XOOkjiVxYOwy0TEb+/QTvJAzOzPNU1OR9s9e8Uvw8cD8O1+gc9SDNO1FfUMJFnLdG9nhTFTQusM/cGEV4TAW4op8O+LbyZonQIDAQAB

It has a RSA only cypher type.

Here's an example of using JSEncrypt to transform a multicam password to the encrypted password expected on the Multicam side ('input_myclearpassword_or_apikey' here references an input's form field):

var crypt = new JSEncrypt();
crypt.setKey("-----BEGIN PUBLIC KEY-----" +
"MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAynqY4P5mfcYttT840IgP" +
"tQxQXZNbHnYROPl5oU8wSiC3PepF/cjYNReva+4/5RZYSOR0ZqZmTZiJbxhdF7ic" +
"mydIpi3IFFtfNZwXNyDT5176EOyuhtNjLehwqFupHJ+3VYTUzqZPEMXC1jVilfIG" +
"VKJEGLgz4d5UpYrqFiodyJ/JZ+Qj1hyJV0QHSm8V9fUz6RCXFiUMo4oDEakh78eQ" +
"XSM+lM1FVkfGut42C1prpyouhkIMfsYA2XOOkjiVxYOwy0TEb+/QTvJAzOzPNU1O" +
"R9s9e8Uvw8cD8O1+gc9SDNO1FfUMJFnLdG9nhTFTQusM/cGEV4TAW4op8O+LbyZo" +
"nQIDAQAB" +
"-----END PUBLIC KEY-----");
var enc = crypt.encrypt($('#input_myclearpassword_or_apikey').val());

The JSEncrypt.encrypt function already returns a base64 encoded result, so the 'enc' value is to be used directly as the encrypted password on the Multicam OAuth flow.

In case of success, API returns:

HTTP/1.1 200 OK
Content-Type: application/json;charset=UTF-8
{
     "access_token":"AQAAANCMnd8BFdERjHoAwE_Cl…QBYJXs1",
     "token_type":"bearer",
     "expires_in":1209599
}

Request authentication

Access token (access_token field) have to be added to all requests’ headers in Authorization field, with Bearer scheme:

Authorization: Bearer AQAAANCMnd8BFdERjHoAwE_Cl…QBYJXs1

In case of error, API returns:

HTTP/1.1 400 Bad Request
Content-Type: application/json;charset=UTF-8
{
    "error":"invalid_grant"
}

Attached files

At the end of the article, you'll find the javascript used in our swagger page to authenticate with Multicam.

Related articles

Comments

0 comments

Please sign in to leave a comment.

Powered by Zendesk