Skip to main content

Authentication

You have three different methods offered for member identification — which allows you to obtain a token to perform actions on their account.

OAuth 2.0

This is the most recommended method, compatible with OAuth 2.0 libraries available in most languages.

Send the user to the authorization page where they must log in:

https://www.betaseries.com/authorize

With the following GET parameters:

  • client_id: Your API key.
  • redirect_uri: The URI to redirect the client to process the authorization code.

Once the client is identified, they are redirected to redirect_uri with the GET parameter code. On this page, you must call the API to retrieve the user token:

POST https://api.betaseries.com/oauth/access_token

With the following POST parameters:

  • client_id: Your API key.
  • client_secret: The secret key provided in your key information.
  • redirect_uri: The callback address you had already provided for the first part.
  • code: Code retrieved by the first part of the identification.

The API then returns the user token in this form:

access_token=42284998e2ce

Identification by code

If your application is installed on a device with limited writing capabilities (like a television), it is possible for you to offer your user to identify themselves by typing a code on another device, like their smartphone or computer.

For this, you must first call the method /oauth/device to have the information to display to your user:

POST https://api.betaseries.com/oauth/device

The return will be similar to this:

{
"device_code": "1c2b45bb95ca670a2fca54ddc9a58b63",
"expires_in": 1800,
"interval": 5,
"user_code": "975-820",
"verification_url": "https://www.betaseries.com/device"
}

You must display the user_code to your user, indicating to go to verification_url. Meanwhile, your application must periodically call (here every 5 seconds) the API method oauth/access_token waiting for identification.

POST https://api.betaseries.com/oauth/access_token

With the following POST parameters:

  • client_id: Your API key.
  • client_secret: The secret key provided in your key information.
  • code: The device_code returned in the previous method.

As soon as your user is identified, a token will be returned, and you can use the API with their account.

Similar to OAuth

A simpler but non-conventional version of OAuth. First, you must retrieve a key necessary for identification via the API:

POST https://api.betaseries.com/members/oauth

Once the key is retrieved, send your user to the identification page:

https://www.betaseries.com/oauth?key=XXXXXXXX

If the identification is successful, the user will be redirected to the callback URL you configured for the key, with the token as a GET parameter.

Basic identification

This is the first proposed identification, which still works but should always be used in HTTPS since the username and password are sent in the same request.

POST https://api.betaseries.com/members/auth

With the following POST parameters:

  • login: User name or email address
  • password: Password encrypted in MD5

The API then returns the information of the identified member as well as the token you just created.