The Shakr API uses the OAuth 2.0 framework for authentication. Specifically, it uses the Client Credentials Grant, which enables service-to-service authentication without a user account. You can learn more about this grant type from the resources below:
- IETF RFC 6749 - The OAuth 2.0 Authorization Framework
- OAuth 2.0 Simplified - Client Credentials Grant
- Auth0 Docs - Client Credentials Flow
To authenticate using Client Credentials Grant, set grant_type parameter to client_credentials, and provide your API credentials to
access_token is returned in the response to your HTTP request. You can store this token and use it whenever you make an API request.
In most cases, you can find pre-built OAuth 2.0 libraries for your programming language of choice. Almost all libraries natively support the Client Credentials Grant, so you can use them to implement authentication to the Shakr API.
Here are OAuth 2.0 libraries for a few programming languages:
And here are examples of retrieving an access token using a library.
When you get an access token using standard client_secret parameters, you get a server access token. This type of token has access to all resources created by your application, and can also create new resources such as a new video. Since it has unrestricted permissions, we strongly recommend storing this token only on your server and never exposing it to the client's browser.
To learn more about getting a server access token, refer to Get a server access token.
Access token expiration
For now, a server access token lasts indefinitely. We plan to introduce an expiration date for security in the future, so we encourage you to use a library that handles token expiration.
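The sketch below shows what handling expiration means for a Client Credentials client: it caches the token server-side and renews it shortly before any advertised lifetime runs out, while still working when no lifetime is returned. It is an added example, not Shakr's code or a library's API. Assumptions: `TOKEN_URL` is a placeholder rather than the Shakr endpoint, `client_id` is the standard RFC 6749 parameter name paired with `client_secret`, and `ServerTokenCache` and `http_post_form` are hypothetical names.

```python
import json
import time
import urllib.parse
import urllib.request

# Placeholder endpoint (assumption): substitute the token URL from the API reference.
TOKEN_URL = "https://api.example.invalid/oauth/token"


def http_post_form(url, fields):
    """POST form-encoded fields over HTTPS and return the decoded JSON reply."""
    body = urllib.parse.urlencode(fields).encode()
    req = urllib.request.Request(url, data=body, method="POST")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


class ServerTokenCache:
    """Keeps a server access token in process memory and renews it before expiry."""

    def __init__(self, client_id, client_secret, post=http_post_form,
                 clock=time.monotonic, skew=30):
        self._fields = {
            "grant_type": "client_credentials",
            "client_id": client_id,          # assumed standard parameter name
            "client_secret": client_secret,  # never ship this to a browser
        }
        self._post, self._clock, self._skew = post, clock, skew
        self._token = None
        self._expires_at = None  # None: the server advertised no expiry

    def token(self):
        now = self._clock()
        # Renew `skew` seconds early so a request never carries a token
        # that expires while it is in flight.
        expired = (self._expires_at is not None
                   and now >= self._expires_at - self._skew)
        if self._token is None or expired:
            reply = self._post(TOKEN_URL, self._fields)
            self._token = reply["access_token"]
            ttl = reply.get("expires_in")  # optional in RFC 6749 section 5.1
            self._expires_at = None if ttl is None else now + float(ttl)
        return self._token
```

Because the cache treats a missing `expires_in` as "no expiry", the same code keeps working today and starts renewing automatically once expiration is introduced.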
There is another type of access token, called a scoped access token, which has restricted permissions. This type of token can be used in scenarios where you need to expose an access token to the client's browser, such as integrating the Editor SDK.
To learn more about a use case that involves a scoped access token, refer to Create videos with Editor SDK.