Obtaining an OAuth API Access Token

The Authorization resource provides OAuth 2.0 API access tokens. Other than with OAuth 1.0, OAuth 2.0 does not provide any inherent cryptographic protection of the token but relies on all the requests to be performed via a SSL secured connection. Therefore, all API calls must always be made only using the HTTPS protocol!!

Client  Credential Flow

POST /oauth2/token/

This flow does not deal with an end-user but in this case the application itself is assumed to be the resource owner. The application requests the authorization server for an access token in exchange for client_id and client_secret. The client_id and client_secret are provided when creating an application.

Body Parameters:

• grant_type : Set to 'client_credential' for the client credential flow.
• client_id : The value that was provided when registering the application.
• client_secret : The value that was provided when registering the application.
• scope : Desired scopes. If more than one, comma-separated. Currently, the following scopes are defined:
  -"me": Gives access to account owner's personal data via the "Users" API
  -"mediahub": Gives access to all MediaHub APIs (except autograph features) permitting all actions. This is equivalent and a short-cut for combining the "mediahub_read"+"mediahub_write" scopes.
  -"mediahub_read": Allows read access to all MediaHub APIs. This includes listing files, jobs, and usage statistics.
  -"mediahub_write": Allows write access to all MediaHub APIs. This includes posting new jobs, creating new files, updating presets or pipelines or also deleting whatever items.
  -"mediahub_submit_jobs": Is a restricted scope that provides just those rights needed to post new jobs to the Jobs API but nothing else.
  -"mediahub_download_files": Is a restricted scope that provides just those rights needed to download files or stream videos that are specified by file id or object path.
  -"autograph": Gives access to all AutoGraph-specific API features like posting autograph-enabled jobs or interacting with the Backtraces API.

Request Parameters:

• expires_in: Time in seconds indicating after which time period the access_token shall expire.
• human: true or false. If set to 'true', it causes the response to be in a structured, more human-readable form. This is useful when calling the API through curl or from a browser.
  
  

Example

curl -X POST -d 'scope=mediahub,autograph&grant_type=client_credential&client_id=c53067b79169464aa3139c78&client_secret=ZqdEFsMX8OWz8yZAAHoy4zM1k0peftMpaPE5pyWo1XgDXGIGoJRtHJJJxwP8crq3' "https://api.xvid.com/v1/oauth2/token/?human=true&expires_in=7200"
{
  "access_token": "5JffwBZ_PDAg6qioaTZqHYsLqEVL2ygyKrgoAH3TRLjNxN0mEecDRodAUtjV00ti",
  "expires_in": "7200"
}

Watch out! The client_secret may contain characters that must be URL-encoded. So don't forget to URL-encode the value of your client_secret parameter!