Authentication
You have three different methods offered for member identification — which allows you to obtain a token to perform actions on their account.
OAuth 2.0
This is the most recommended method, compatible with OAuth 2.0 libraries available in most languages.
Send the user to the authorization page where they must log in:
https://www.betaseries.com/authorize
With the following GET parameters:
client_id
: Your API key.redirect_uri
: The URI to redirect the client to process the authorization code.
Once the client is identified, they are redirected to redirect_uri
with the GET parameter code
. On this page, you must call the API to retrieve the user token:
POST https://api.betaseries.com/oauth/access_token
With the following POST parameters:
client_id
: Your API key.client_secret
: The secret key provided in your key information.redirect_uri
: The callback address you had already provided for the first part.code
: Code retrieved by the first part of the identification.
The API then returns the user token in this form:
access_token=42284998e2ce
Identification by code
If your application is installed on a device with limited writing capabilities (like a television), it is possible for you to offer your user to identify themselves by typing a code on another device, like their smartphone or computer.
For this, you must first call the method /oauth/device
to have the information to display to your user:
POST https://api.betaseries.com/oauth/device
The return will be similar to this:
{
"device_code": "1c2b45bb95ca670a2fca54ddc9a58b63",
"expires_in": 1800,
"interval": 5,
"user_code": "975-820",
"verification_url": "https://www.betaseries.com/device"
}
You must display the user_code
to your user, indicating to go to verification_url
. Meanwhile, your application must periodically call (here every 5 seconds) the API method oauth/access_token
waiting for identification.
POST https://api.betaseries.com/oauth/access_token
With the following POST parameters:
client_id
: Your API key.client_secret
: The secret key provided in your key information.code
: The device_code returned in the previous method.
As soon as your user is identified, a token will be returned, and you can use the API with their account.
Similar to OAuth
A simpler but non-conventional version of OAuth. First, you must retrieve a key necessary for identification via the API:
POST https://api.betaseries.com/members/oauth
Once the key is retrieved, send your user to the identification page:
https://www.betaseries.com/oauth?key=XXXXXXXX
If the identification is successful, the user will be redirected to the callback URL you configured for the key, with the token as a GET parameter.
Basic identification
This is the first proposed identification, which still works but should always be used in HTTPS since the username and password are sent in the same request.
POST https://api.betaseries.com/members/auth
With the following POST parameters:
login
: User name or email addresspassword
: Password encrypted in MD5
The API then returns the information of the identified member as well as the token you just created.