Skip to main content
When using Motto’s Content Delivery API, you will need to authenticate any requests the client makes. This document explains how to do that.

Public key

To authenticate with Motto’s Content Delivery API, you should always provide a standard Authorization: Bearer <PUBLIC_KEY> HTTP header. The PUBLIC_KEY is required and is connected to your Motto project. It allows your end-users to retrieve any public resource inside of that particular project.
To retrieve the PUBLIC_KEY of your project, sign in to the Motto Studio and then visit this page.

User authentication

The public key as it is described above only authenticates a client to access resources within a project; it does not authenticate a user individually. To authenticate a user with Motto’s Content Delivery API, you should provide a non-standard X-Motto-Token: <JWT> HTTP header. The JWT is a JSON Web Token that should be generated after the user signs in to a Motto-powered OTT platform application.

Generating a JWT

A user may sign into a Motto-powered OTT platform application using a variety of methods, depending on the platform setup, and each of these methods has a different way of generating the JWT.
If the OTT platform application is configured to use Motto’s own user management service, a JWT can be generated directly when the user signs up or signs in.The sign up and sign in endpoints of the Content Delivery API can be used to create and retrieve a JWT.
If the OTT platform application is configured to use a third-party identity management integration supported by Motto, like Auth0, Userfront or Kinde, such an integration will generate a token for you. This token must then be exchanged for a Motto-based JWT.To exchange a third-party token for a Motto-based JWT, use the exchange token endpoint of the Content Delivery API.
In situations where the Motto platform is only partially used (e.g. only for video delivery and protection), you may have your own user management system. In that case, you can generate a JWT for a user that you have authenticated through a trusted environment controlled by you. This would let you still use user-specific features of the Content Delivery API, like entitlement checking before letting the user watch a paid event.. To generate a JWT for a user that you have authenticated through a trusted environment controlled by you, use the create user token endpoint of the Studio API.
If the OTT platform application is a TV app like Apple TV, Android TV, Samsung or LG, it is not typical to sign in directly on the TV. Instead, it is preferable to show the user a code that they can enter on a website or mobile app to link their account. This requires three steps:
  1. (TV) The TV app shows a code to the user. Such a code can be obtained using the create TV code endpoint.
  2. (Web / Mobile) The user visits the OTT platform’s website or mobile app, and enters the code there; this connects the signed in user to the code in the database. The web or mobile app must the call exchange TV code endpoint.
  3. (TV) Meanwhile, TV app can poll the status of the connection using the check TV code endpoint. This will return a JWT of the user if the connection was successful.