Authentication
The Streamdiver API uses the OAuth 2.0 protocol for authentication and authorization with the client credentials grant flow. It permits a web service to use its own credentials and is commonly used in server-to-server interactions, with no user involved in the authentication. The required clientId and clientSecret are shared during initial tenant creation and must be kept safe.
Given the clientId and secret, your application requests an access token from the Streamdiver authorization server at https://sso.streamdiver.com. The token can then be extracted from the response and used to authenticate further requests against protected resources in the Streamdiver API. By default, tokens have a session lifetime of 16 hours.
Note: Refresh tokens will not be granted with this flow, as clientId and clientSecret can be used to obtain an access token right away.
Get a Token
A token can be retrieved with a POST request against the Streamdiver authorization server. Once a tenant has been set up, obtaining the token requires:
Parameter | Description |
---|---|
tenantShortcode | Abbreviated and unique version of the tenant name assigned during onboarding. |
clientId | Application identification value that has been assigned during onboarding. |
clientSecret | Secret used by a client (application) to authenticate with the authorization server. It is known only to the client and the authorization server. |
These credentials are obtained during initial tenant creation. If you are unsure or missing information, contact our support.
Token endpoint: https://sso.streamdiver.com/realms/{tenantShortcode}/protocol/openid-connect/token
To request a token:
curl --request POST \
--url https://sso.streamdiver.com/realms/{tenantShortcode}/protocol/openid-connect/token \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data grant_type=client_credentials \
--data client_id={clientId} \
--data client_secret={clientSecret}
Expected response:
{
"access_token":"eyJ...sAQ",
"expires_in":7200,
"refresh_expires_in":0,
"token_type":"Bearer",
"not-before-policy":0,
"scope":"email profile"
}
Use a Token
Authentication against the Streamdiver API is performed with Bearer authentication. Similar to Basic authentication, Bearer authentication should only be performed over HTTPS. The token retrieved earlier must be sent in the Authorization header.
curl --request GET \
--url https://api.streamdiver.com/v2/tenants/current/settings \
--header 'Authorization: Bearer {token}' \
--header 'Content-Type: application/json'
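The two steps above combined into a server-side client, as an added example that is not Streamdiver's own code: it form-encodes the secret, reuses the token until shortly before the expires_in value the server returned, and refuses to attach the token to a non-HTTPS URL. The names TokenCache, build_token_request and http_fetch, the injectable fetch and clock parameters, and the 60-second safety margin are assumptions made for this example.

```python
import json
import time
import urllib.parse
import urllib.request

TOKEN_URL = "https://sso.streamdiver.com/realms/{tenant}/protocol/openid-connect/token"

def build_token_request(tenant, client_id, client_secret):
    """Build the form-encoded POST for the client credentials grant."""
    url = TOKEN_URL.format(tenant=urllib.parse.quote(tenant, safe=""))
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,  # urlencode escapes '&', '=', '+' in the secret
    }).encode()
    return urllib.request.Request(
        url, data=body, method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"})

def http_fetch(request):
    """Default transport: send the request and decode the JSON token response."""
    with urllib.request.urlopen(request, timeout=10) as resp:
        return json.load(resp)

class TokenCache:
    """Reuses a token until shortly before the expires_in the server reported."""

    def __init__(self, tenant, client_id, client_secret,
                 fetch=http_fetch, clock=time.monotonic, margin=60):
        self._creds = (tenant, client_id, client_secret)
        self._fetch, self._clock, self._margin = fetch, clock, margin
        self._token, self._expires_at = None, 0.0

    def token(self):
        # No refresh token exists in this flow: on expiry, request a new token.
        if self._token is None or self._clock() >= self._expires_at:
            data = self._fetch(build_token_request(*self._creds))
            if data.get("token_type", "").lower() != "bearer":
                raise ValueError("unexpected token_type")
            self._token = data["access_token"]
            self._expires_at = self._clock() + int(data["expires_in"]) - self._margin
        return self._token

    def auth_header(self, url):
        # A bearer token is usable by anyone who observes it: HTTPS only.
        if urllib.parse.urlsplit(url).scheme != "https":
            raise ValueError("refusing to send bearer token over non-HTTPS URL")
        return {"Authorization": "Bearer " + self.token()}
```

Load clientId and clientSecret from the environment or a secret store at start-up rather than embedding them in source.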