Content Delivery API
Authentication
How to authenticate user requests when using Motto’s Content Delivery API
When using Motto’s Content Delivery API, you will need to authenticate any requests the client makes. This document explains how to do that.
Public key
To authenticate with Motto’s Content Delivery API, you should always provide a standardAuthorization: Bearer <PUBLIC_KEY> HTTP header.
The PUBLIC_KEY is required and is connected to your Motto project.
It allows your end-users to retrieve any public resource inside of that particular project.
Retrieve a public key
Retrieve a public key
To retrieve the
PUBLIC_KEY of your project,
sign in to the Motto Studio and then visit this page.User authentication
The public key as it is described above only authenticates a client to access resources within a project; it does not authenticate a user individually. To authenticate a user with Motto’s Content Delivery API, you should provide a non-standardX-Motto-Token: <JWT> HTTP header.
The JWT is a JSON Web Token that should be generated after the user signs in to a Motto-powered OTT platform application.
Generating a JWT
A user may sign into a Motto-powered OTT platform application using a variety of methods, depending on the platform setup, and each of these methods has a different way of generating theJWT.
Motto managed users
Motto managed users
Third party managed users
Third party managed users
If the OTT platform application is configured to use a third-party identity management integration supported by Motto, like Auth0, Userfront or Kinde,
such an integration will generate a token for you. This token must then be exchanged for a Motto-based JWT.To exchange a third-party token for a Motto-based JWT,
use the exchange token endpoint of the Content Delivery API.
Self-managed users
Self-managed users
In situations where the Motto platform is only partially used (e.g. only for video delivery and protection), you may have your own user management system.
In that case, you can generate a JWT for a user that you have authenticated through a trusted environment controlled by you.
This would let you still use user-specific features of the Content Delivery API, like entitlement checking before letting the user watch a paid event..
To generate a JWT for a user that you have authenticated through a trusted environment controlled by you,
use the create user token endpoint of the Studio API.
Connected TV code linking
Connected TV code linking
If the OTT platform application is a TV app like Apple TV, Android TV, Samsung or LG,
it is not typical to sign in directly on the TV. Instead, it is preferable to show the user a code that they can
enter on a website or mobile app to link their account. This requires three steps:
- (TV) The TV app shows a code to the user. Such a code can be obtained using the create TV code endpoint.
- (Web / Mobile) The user visits the OTT platform’s website or mobile app, and enters the code there; this connects the signed in user to the code in the database. The web or mobile app must the call exchange TV code endpoint.
- (TV) Meanwhile, TV app can poll the status of the connection using the check TV code endpoint. This will return a JWT of the user if the connection was successful.