Pre-requisites
- You must have signed up for an API Developer Account, subscribed to a plan and been provided a ClientId and ClientSecret from MediaValet.
- Please read through our API documentation at the following link to answer any questions not found below: https://docs.mediavalet.com/#:~:text=General%20Information-,Authentication,-Currently%2C%20we%20support
- We support the OAuth 2.0 (OIDC) Auth Code Flow and Resource Owner Password Flow authentication mechanisms at this time. Our implementation is fully OIDC-conformant.
- Auth Code Flow involves exchanging an authorization code for a token. This workflow is recommended when building out a secure application integration as the application's authentication methods are included in exchange and are kept secure.
As this is a redirection-based workflow, the third-party client must be capable of interacting with the resource owner's user-agent (i.e. a web browser) and capable of receiving incoming requests from MediaValet's authorization server.
More information on this workflow can be found in the links below - Resource Owner Password Flow allows for the exchange of the username and password of a user for an access token and optionally, a refresh token.
While we do discourage using this workflow as the default authentication mechanism for security reasons (the resource owner's password is exposed to the application), this is the preferred method for enforcing a non-interactive authentication workflow. - (COMING SOON!) Our team is also working towards building the Client Credentials Flow which will be the preferred authentication method once implemented.
- Auth Code Flow involves exchanging an authorization code for a token. This workflow is recommended when building out a secure application integration as the application's authentication methods are included in exchange and are kept secure.
Authorize Endpoint (/connect/authorize)
This is a starting point for browser-based OpenID Connect flows such as the authorization code flow. This request authenticates the user and returns tokens along with an authorization grant to the client application as a part of the callback response.
Request Parameters:
Token Endpoint (/connect/token)
This endpoint returns access tokens, ID tokens, and refresh tokens, depending on the request parameters. For refresh token flow, calling /token is the only step of the flow. For the authorization code flow, calling /token is the second step of the flow (/Authorize being the first one).
Request Parameters:
Response Properties: