Authenticating with api.video API

With api.video, every call to the API requires authentication. In order to authenticate against the API, you have two options at your disposal:

  1. Basic Authentication
  2. Bearer token authentication

Each of these methods has its advantages. You can choose either of the authentication methods that suit your security needs.

When using the api.video client libraries, the Disposable Bearer token will be applied by default.

  • Basic authentication is great for quick testing (with Postman for example) and will be quicker to implement if you decide to write your own wrapper for the API.

  • Disposable bearer token authentication is more secure, and as it is built into the api.video client libraries, it would be our recommended method of authentication. While it's a bit more complex to implement if you decide to write your own wrapper for the API.

Retrieve your api.video API key

You'll need your API key to get started. You can sign up for one here: Get your api.video API key!. Then follow the below steps:

  1. Log in to the api.video dashboard.
  2. From the list of choices on the left, make sure you are on API Keys
  3. You will always be able to choose to use your Sandbox API key. If you want to use the Production API key instead, select a plan and enter your credit card information.
  4. Grab the key you want, and you're ready to get started!

Managing the API keys in the Dashboard

Basic Authentication

Basic Authentication is a method for an HTTP user agent (e.g., a web browser) to provide a username and password when making a request.

When employing Basic Authentication, users include an encoded string in the Authorization header of each request they make. The string is used by the request’s recipient to verify users’ identity and rights to access a resource.

This method will allow you to use a simple way of authentication. By sending your API key in the Basic Auth header as username.

Usage

Here's an example of how to make a request with Basic Authentication to api.video:

$ curl -u apikey: https://sandbox.api.video/

Bearer Token Authentication

Bearer authentication (also called token authentication) is an HTTP authentication scheme that involves security tokens called bearer tokens. The name “Bearer authentication” can be understood as "give access to the bearer of this token." The bearer token is a cryptic string, usually generated by the server in response to a login request. The client must send the token in the Authorization header when making requests to protected resources.

api.video provides an enhanced security authentication method, which uses a disposable bearer token that has a short time to live and has to be refreshed every 3600 seconds.

A diagram that shows how disposable bearer tokens can be created, used, and refreshed A diagram that shows how disposable bearer tokens can be created, used, and refreshed

Bearer token authentication is simple to set up and use; however, we encourage you to use one of our client libraries if possible. api.video client libraries handle authentication for you, including renewing your token as needed.

Usage with cURL

With the Bearer Token method, there are two endpoints at your disposable in order to generate the access token.

  1. You have to make a request to the /auth/api-key endpoint in order to get the bearer token
curl -X POST \
https://sandbox.api.video/auth/api-key \
-H 'Content-Type: application/json' \
-d '{"apiKey": "your API key here"}'
  1. Once you've got the response from the API, you can use the token in the response in order to authenticate against any other endpoint with the access token:
{
  "token_type": "Bearer",
  "expires_in": 3600,
  "access_token": "xxXXX.Yyyyyy",
  "refresh_token": "yyyYYY.XxxXXXxx"
}
curl --location 'https://sandbox.api.video/videos' \
--header 'Authorization: xxXXX.Yyyyyy'
  1. When the token TTL has expired, you can then use the refresh token you've received from the response earlier in order to get a new token:
curl --request POST \
     --url https://sandbox.api.video/auth/refresh \
     --header 'accept: application/json' \
     --header 'content-type: application/json' \
     --data '{"refreshToken": "jwt_bearer_token"}'

Usage with client libraries

The simplest way, of course, is using the api.video client libraries. You can find an example of how to authenticate below:

package main

import (
    "context"
    "fmt"
    "os"
    apivideosdk "github.com/apivideo/api.video-go-client"
)

func main() {
    client := apivideosdk.ClientBuilder("YOUR_API_TOKEN").Build()
    // if you rather like to use the sandbox environment:
    // client := apivideosdk.SandboxClientBuilder("YOU_SANDBOX_API_TOKEN").Build()
        
    authenticatePayload := *apivideosdk.NewAuthenticatePayload("ApiKey_example") // AuthenticatePayload | 

    
    res, err := client.Authentication.Authenticate(authenticatePayload)

    if err != nil {
        fmt.Fprintf(os.Stderr, "Error when calling `Authentication.Authenticate``: %v\n", err)
    }
    // response from `Authenticate`: AccessToken
    fmt.Fprintf(os.Stdout, "Response from `Authentication.Authenticate`: %v\n", res)
}
<?php
require __DIR__ .'/vendor/autoload.php';

use Symfony\Component\HttpClient\Psr18Client;
use ApiVideo\Client\Client;
use ApiVideo\Client\Model\VideoCreationPayload;

$apiKey = 'your API key here';
$apiVideoEndpoint = 'https://ws.api.video';

$httpClient = new \Symfony\Component\HttpClient\Psr18Client();
$client = new ApiVideo\Client\Client(
    $apiVideoEndpoint,
    $apiKey,
    $httpClient
);

/* Your refresh token is handled for you */
const ApiVideoClient = require('@api.video/nodejs-client');

(async () => {
    try {
        const client = new ApiVideoClient({ apiKey: "YOUR_API_TOKEN" });
		}
})();
## Use your api.video api key to retrieve an access token for use with the api.video
## API. Access tokens are good for one hour.

import apivideo

api_key = "your api key here"
client = apivideo.AuthenticatedApiClient(api_key)

## If you prefer to use the sandbox environment:
## client = apivideo.AuthenticatedApiClient(api_key, production=False)

client.connect()

## You can view the object like this. Use this for reference and testing only.

print(client.__dict__)
using System.Collections.Generic;
using System.Diagnostics;
using System;
using System.IO;
using ApiVideo.Api;
using ApiVideo.Client;
using ApiVideo.Model;

namespace Example
{
    public class Example
    {
        public static void Main()
        {
            var apiKey = "YOUR_API_KEY";

            var apiVideoClient = new ApiVideoClient(apiKey);
            // if you rather like to use the sandbox environment:
            // var apiVideoClient = new ApiVideoClient(apiKey, ApiVideo.Client.Environment.SANDBOX);
        }
    }
}

Was this page helpful?