Managing API Authentication Credentials

Product(s)
Brightcove Player
Video Cloud
Role(s)
Studio User
API Developer
Topic(s)
Access Control
Administration
Authentication

This topic provides an overview of creating and managing API authentication credentials.

 

When you use the Video Cloud APIs, your method calls will require access tokens unless you enable basic authentication in the Player Service Settings. For more information on enabling basic authentication, see Managing Account Settings.

Creating client registrations

The API Authentication page is used to create new client registrations. When creating registrations, you can select the service and the roles that will be enabled with the registration.

To create a new client registration for your account:

  1. Click the ADMIN link in the Studio header.
  2. Click the API Authentication link. The API Authentication page will open displaying your current client registrations.

    Note: Only the client registrations for the account you are logged into will display.

  3. Click Register New Application.
  4. Enter a Name and Short Description for the client registration.
  5. Select one or more of your accounts for authorization. You can select multiple accounts and click > to add them or click >> to add all accounts. Click < to remove an account or << to remove all accounts.
  6. Select the API(s) and permission(s) to enable for this registration.

    Note: Selecting a large number of accounts and APIs may cause the HTTP header size to become large and invalid. The maximum header size that our server accepts is 8K, which means that you must select 30 accounts or less to apply the credentials to. For security reasons, we recommend that you limit the scope of permissions for a set of credentials to the smallest set of accounts and operations necessary.

  7. Click Save.
  8. A Client ID and Client secret will be returned.

    Note: Copy the client secret and store it in a secure location as the client secret will not be displayed again.

Managing client registrations

The API Authentication page can be used to view and manage client registrations. Click the ADMIN link in the Studio header and then click API Authentication. A list of your current registrations will display.

To view the registration details, click the on the name. From here, you can:

  • Modify the name
  • Copy the client ID
  • Add and remove accounts for authorization
  • Select additional APIs to enable
  • Revoke the credential

Click Save to save your changes.

Note that if a credential is created for multiple accounts, users will only see that credential if they have access to all of those accounts. For example, User 1 creates a credential for accounts A & B. User 2 logs in and only has access to account A. User 2 will not see the credential as they do not have access to account B.

Revoking client registrations

To revoke a client registration, click the Revoke link next to the registration. Revoking a registration permanently disables it and cannot be undone.

OAuth

Working with DFP

If you currently have multiple Video Cloud accounts set up as content sources in DFP, you have two options:

  1. You can create a unique Client ID and Client secret for each Video Cloud account that’s set up as a content source in DFP. For example, if you have 10 Video Cloud accounts, you'd have 10 applications named DFP in your API Authentication settings in Video Cloud.
  2. You can create a single Client ID and Client secret for all Video Cloud accounts that have been set up as content sources in DFP. For example, if you have 10 Video Cloud accounts, you'd have 1 application named DFP in your API Authentication settings in Video Cloud.

Regardless of whether you chose option #1 or #2, for each content source that you set up in DFP, you need to provide a unique Account ID. So, you are not reducing the number of content sources that are currently set up in DFP; you're just replacing the read token with the Client ID and Client secret, which can either be the same across content sources or unique for each.

Option #1 takes more time upfront. However, if the Client ID and Client secret are the same across all content sources (as with option #2), it will be a burden to add a new content source because you will need to generate a new Client ID and Client secret and update all of content sources in DFP. So, Brightcove recommends option #1.