There are three categories of API:
- Client APIs – used by client applications
- Operator APIs – used by operators
- Admin APIs – used for communication between modules
The categorised lists of APIs are available in Service endpoint categories.
The subdomain used for API calls is different for each external-facing API category:
- Client APIs use the
api subdomain. - Operator APIs use the
operator subdomain.
Both client and operator APIs require authentication – these are detailed in the Client APIs and Operator APIs sections below.
Client APIs
OpenTV Platform uses NGINX to ensure that only authenticated clients can use client-facing APIs. It expects the client to supply the token that it received at signon, as:
- An
authorization header with prefix in the value of Bearer, - A
Client-token header, - A query string parameter in the URL, or
- If the request is a POST,
token in the post arguments.
For backward-compatibility, the older MediaLive Identity Token is still supported.
NGINX validates and decodes the token and passes it on to the module as a token in the header – which is why the following API documentation may refer to token rather than the options mentioned above.
Operator APIs
All operator APIs use Keycloak to authenticate the caller before requests can be made. This is explained in detail in Accessing operator APIs using Keycloak.
