How to update SRG-SSR OAuth Security

OAuth is an authorization protocol that enables apps to access information on behalf of users without requiring users to divulge their username and password.

With OAuth, security credentials (such as username/password or key/secret) are exchanged for an access token. For example:

joe:joes_password (username:password) or

Nf2moHOASMJeUmXVdDhlMbPaXm2U7eMc:unUOXYpPe74ZfLEb (key:secret)

becomes something like:

b0uiYwjRZLEo4lEu7ky2GGxHkanN

The access token is a random string of characters and is temporary (it should expire after a relatively short time), so passing it around to authenticate a user in an app workflow is much more secure than passing around actual credentials.

 

Important:

If you have never used the our service before then first go to My Apps, log in if asked and click the ADD A NEW APP button. Fill in a name for your app. The callback URL can be left empty. Click 'CREATE APP'.

Click on your newly created app and notice the values of 'CONSUMER KEY' and 'CONSUMER SECRET'.

These are your credentials in the call to the accesstoken endpoint. Do not use your own username and password for any API calls!

 

Please make a HTTP:POST request for accessToken by passing Client_Credentials like below.

curl -X POST \
  'https://api.srgssr.ch/oauth/v1/accesstoken?grant_type=client_credentials' \
  -H 'Authorization: Basic base64<ClientId:CleintSecret>' \
  -H 'Cache-Control: no-cache' \
  -H 'Content-Length: 0' \
  -H 'Postman-Token: 24264e32-2de0-f1e3-f3f8-eab014bb6d76'

 

Response:

{
  "issued_at" : "1466025769306",
  "application_name" : "716bbe61-f14a-4d85-9b56-a62ff8e0d347",
  "scope" : "",
  "status" : "approved",
  "api_product_list" : "[helloworld_oauth2-Product]",
  "expires_in" : "3599", //--in seconds
  "developer.email" : "nigel@example.com",
  "token_type" : "BearerToken",
  "client_id" : "xNnREu1DNGfiwzQZ5HUN8IAUwZSW1GZW",
  "access_token" : "GTPY9VUHCqKVMRB0cHxnmAp0RXc0",
  "organization_name" : "myOrg",
  "refresh_token_expires_in" : "0", //--in seconds
  "refresh_count" : "0"
}

 

Please use received accessToken for OAuth protected API endpoint for access.

curl -X GET \
  'http://api.srgssr.ch/rts/archives/v2/audios' \
  -H 'Authorization: Bearer <accesstoken>' \
  -H 'Cache-Control: no-cache' \
  -H 'Postman-Token: 56128353-805e-4974-6689-5ef6d86e2d80'