How to update SRG-SSR OAuth Security

Documentation

OAuth is an authorization protocol that enables apps to access information on behalf of users without requiring users to divulge their username and password.

The Bearer Token is valid for 7 days and no longer 21 days, so adjust the code accordingly.

With OAuth, security credentials (such as username/password or key/secret) are exchanged for an access token. For example:

joe:joes_password (username:password) or

Nf2moXXXXXXeUmXVdDhlXXXaXm2U7eMc:unUOXYpPe74ZfLEb (key:secret)

becomes something like:

b0uXXXXXZLEo4lEu7ky2XXxHkanN

The access token is a random string of characters and is temporary (it should expire after a relatively short time), so passing it around to authenticate a user in an app workflow is much more secure than passing around actual credentials.

oauth client credential flow illustration

Important:

If you have never used the our service before then first go to My Apps, log in if asked and click the ADD A NEW APP button. Fill in a name for your app. The callback URL can be left empty. Click 'CREATE APP'.

Click on your newly created app and notice the values of 'CONSUMER KEY' and 'CONSUMER SECRET'.

These are your credentials in the call to the accesstoken endpoint. Do not use your own username and password for any API calls!

Please make a HTTP:POST request for accessToken by passing Client_Credentials like below.

curl -X POST \
  'https://api.srgssr.ch/oauth/v1/accesstoken?grant_type=client_credentials' \
  -H 'Authorization: Basic base64<ClientId:CleintSecret>' \
  -H 'Cache-Control: no-cache' \
  -H 'Content-Length: 0' \
  -H 'Postman-Token: XX264e32-2de0-f1e3-f3f8-eab014bbXX76'

Response

{
  "issued_at" : "1466025769306",
  "application_name" : "716bbe61-f14a-4d85-9b56-a62ff8e0d347",
  "scope" : "",
  "status" : "approved",
  "api_product_list" : "[helloworld_oauth2-Product]",
  "expires_in" : "3599", //--in seconds
  "developer.email" : "nigel@example.com",
  "token_type" : "BearerToken",
  "client_id" : "XXnREu1DNGfiwzQZ5HUN8XXUwZSW1GZW",
  "access_token" : "XXPY9VUHCqKVMRBXXHxnmAp0RXc0",
  "organization_name" : "myOrg",
  "refresh_token_expires_in" : "0", //--in seconds
  "refresh_count" : "0"
}

Please use received accessToken for OAuth protected API endpoint for access.

curl -X GET \
  'http://api.srgssr.ch/rts/archives/v2/audios' \
  -H 'Authorization: Bearer <accesstoken>' \
  -H 'Cache-Control: no-cache' \
  -H 'Postman-Token: 561XX353-805e-4974-66XX-5efXX86e2d80'

Whatch our short video, how we do that with Curl and Postman:

The referenced media source is missing and needs to be re-embedded.

Easy description to get an accessToken

Step 1.

Info: The Bearer Token is now valid for 7 days and no longer 21 days, so adjust the code accordingly.

Get your ConsumerKey & ConsumerSecret by creating your App in "My Apps"

Step 2.

Encode ConsumerKey & ConsumerSecret (output will be used in curl-request):

$ echo -n ConsumerKey:ConsumerSecret | base64

Step 3.

Use Encoded ConsumerKey & ConsumerSecret in curl-request:

curl -X POST \

  'https://api.srgssr.ch/oauth/v1/accesstoken?grant_type=client_credentials' \

  -H 'Authorization: Basic <Encoded Consumer Key & Consumer Secret>' \

  -H 'Cache-Control: no-cache' \

  -H 'Content-Length: 0' \

  -H 'Postman-Token: [token]'

Step 4.

Use received access_token in curl request:

curl -X GET \

  'http://api.srgssr.ch/rts/archives/v2/audios' \

  -H 'Authorization: Bearer <access_token>' \

  -H 'Cache-Control: no-cache' \

  -H 'Postman-Token: [token]'

Ralph from our community has described a very easy to use documentation "how to get an accessToken"

thanks, Ralph!

Documentation

Step 1.

Step 2.

Step 3.

Step 4.

About us

Contact