Only authenticated users can access RMS resources. RMS API authentication supports API Key Authentication for client identification, followed by JWT token Bearer Authentication for request security.
API Key Authentication is a simple method for clients to authenticate themselves to the RMS API. This method involves including a unique API key in the request to verify the client's identity.
Method: RMS assigns a unique key to each client accessing the API
Required User Actions:
Step 1: Include your API key as part of the request to authenticate yourself
POST https://{{apiEndpoint}}/auth/token
{
  "subscriptionId": "{{subscriptionId}}",
  "apiKey": "{{rmsApiKey}}"
}
apiEndpoint - an RMS domain that you can find in Azure Front Door using this guide.
subscriptionId - the value that you can locate in the RMS Console > API Key Management tab > "AZURE_SUBSCRIPTION_ID"
apiKey - the value that enables access to RMS API, learn more.
Ensure you have selected the correct account when using its apiKey. The screenshot shows a selected default account at the top. Click the account you intend to use from there.
The subscriptionId ensures that the request is associated with the correct RMS account, while the apiKey authenticates the specific client making the request.
Step 2: Obtain a generated token. Upon successful authentication, a token will be generated and returned in the response.
RMS supports manual API key revocation (rotation). The client can request a new API key, which automatically invalidates the previous one. This feature is beneficial in case a key is compromised, allowing the server to revoke the key.
JWT token Bearer Authentication
JWT (JSON Web Token) Token Bearer Authentication is a secure method that involves issuing an access token after the user has authenticated. This token is then used to authorize all subsequent requests.
Method: RMS grants an access token to verify the user’s identity
Required User Actions:
Step 3: Include the obtained token in the request header to authorize the request
Example request
GET https://{{apiEndpoint}}/subscriptions/{subscription ID}/resourceGroups/{resource group}/providers/Microsoft.Media/mediaServices/{account name}/assets?api-version=2021-06-01
...
Authorization: Bearer {bearer-token}
...
<BODY>
Limited session length
Session length is the time a user spends on a website in one session. In the context of RMS, it is limited by the token's expiration time (the exp claim). The session length is set to 1 hour and cannot be modified.
When the token expires, the user repeats the process to generate a new JWT token.
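The three steps and the one-hour expiry described above, as an added Python example (not RMS code): it builds the Step 1 request, reads the exp claim from the returned JWT, and renews the token shortly before it expires. Assumptions: the names TokenCache, skew and fetch_token are hypothetical, the Content-Type header is assumed, the token is sent in the standard Authorization: Bearer header, and because the page does not show the token response body, extracting the JWT from it is left to the caller-supplied fetch_token.

```python
import base64
import json
import time
import urllib.request

def build_token_request(api_endpoint, subscription_id, api_key):
    """Step 1: POST /auth/token. Load api_key from a secret store, not source code."""
    body = json.dumps({"subscriptionId": subscription_id, "apiKey": api_key})
    return urllib.request.Request(
        f"https://{api_endpoint}/auth/token", data=body.encode(),
        headers={"Content-Type": "application/json"},  # assumed header
        method="POST")

def jwt_exp(token):
    """Return the exp claim (Unix seconds). The signature is not verified here:
    the client only reads its own token's lifetime; the server validates it."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    claims = json.loads(base64.urlsafe_b64decode(padded))
    if not isinstance(claims.get("exp"), (int, float)):
        raise ValueError("JWT has no numeric exp claim")
    return claims["exp"]

class TokenCache:
    """Steps 2-3: keep the token in memory and renew it before exp."""
    def __init__(self, fetch_token, skew=60, clock=time.time):
        self.fetch_token = fetch_token  # assumption: callable returning the JWT string
        self.skew = skew                # renew this many seconds before exp
        self.clock = clock
        self.token, self.exp = None, 0

    def auth_header(self):
        """Header for Step 3; fetches a new token when the cached one is near expiry."""
        if self.token is None or self.clock() >= self.exp - self.skew:
            token = self.fetch_token()
            self.exp = jwt_exp(token)   # reject a malformed token before caching it
            self.token = token
        return {"Authorization": f"Bearer {self.token}"}

def constructed_jwt(exp):
    """Constructed sample token with a placeholder signature, for offline runs."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'HS256', 'typ': 'JWT'})}.{enc({'exp': exp})}.sig"
```

Renewing a minute early avoids sending a request with a token that expires in transit; the cache never writes the token to disk or logs.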