Authorisation
Once an access token is obtained, it should be sent with all subsequent requests to the OpenTV Platform. Each service within the platform authorises the request being made by validating that the caller is allowed to make the request and that the parameters supplied are expected based on the caller. The business rules vary between differing APIs; some examples are:
- A client should only be able to return data applicable to it or other devices within the same account.
- A client should only be able to purchase items for itself or other devices within the same account.
- A client should only be able to request content licenses for itself, or for playback between itself and another device within the same account.
Authorisation will be transparent between the client and the target API unless the authorisation fails, in which case an error should be returned. The error will depend on the API used.
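The same-account rules above, sketched as a server-side check. This is an added example, not OpenTV Platform code: the `Caller` claims, the device directory, the action names and `authorise()` are all hypothetical, and the access token is assumed to have been validated already.

```python
from dataclasses import dataclass

# Constructed sample data: device id -> account id (hypothetical directory).
DEVICE_ACCOUNTS = {
    "stb-1": "acct-A",
    "tablet-1": "acct-A",
    "stb-9": "acct-B",
}

@dataclass(frozen=True)
class Caller:
    """Identity taken from an already validated access token (assumed claims)."""
    device_id: str
    account_id: str

class AuthorisationError(Exception):
    """Raised when a request is outside what the caller may do."""

def _same_account(caller, device_id):
    # Unknown devices are denied: a missing record must never mean "allowed".
    account = DEVICE_ACCOUNTS.get(device_id)
    return account is not None and account == caller.account_id

def authorise(caller, action, target_device, playback_device=None):
    """Return True if the request is allowed, raise AuthorisationError otherwise."""
    if action not in {"read_data", "purchase", "request_license"}:
        raise AuthorisationError(f"unknown action {action!r}")
    # The token's own device must really belong to the account it claims.
    if not _same_account(caller, caller.device_id):
        raise AuthorisationError("caller device not in claimed account")
    # Rules 1-3: the device acted upon must sit in the caller's account.
    if not _same_account(caller, target_device):
        raise AuthorisationError("target device outside caller's account")
    if playback_device is not None:
        # Parameters must be expected for this call: only license requests
        # may name a second device.
        if action != "request_license":
            raise AuthorisationError("unexpected parameter for this action")
        if not _same_account(caller, playback_device):
            raise AuthorisationError("playback device outside caller's account")
    return True
```

The check uses identifiers from the token and the server's own records, never an account id supplied in the request body, so a client cannot widen its scope by changing a parameter.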