Skip to main content
Skip table of contents

Business Configuration Manager (BCM) API documentation: non-core

Important

Access and authentication information

There are three categories of API:

  • Client APIs – used by client applications
  • Operator APIs – used by operators
  • Admin APIs – used for communication between modules

The categorised lists of APIs are available in Service endpoint categories.

The subdomain used for API calls is different for each external-facing API category:

  • Client APIs use the api subdomain.
  • Operator APIs use the operator subdomain.

Both client and operator APIs require authentication – these are detailed in the Client APIs and Operator APIs sections below.

Client APIs

OpenTV Platform uses NGINX to ensure that only authenticated clients can use client-facing APIs. It expects the client to supply the token that it received at signon, as:

  • An authorization header with prefix in the value of Bearer,
  • A Client-token header,
  • A query string parameter in the URL, or
  • If the request is a POST, token in the post arguments.

For backward-compatibility, the older MediaLive Identity Token is still supported.

NGINX validates and decodes the token and passes it on to the module as a token in the header – which is why the following API documentation may refer to token rather than the options mentioned above.

Operator APIs

All operator APIs use Keycloak to authenticate the caller before requests can be made. This is explained in detail in Accessing operator APIs using Keycloak.

See also


JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.