Authentication is done using the OAuth 2 workflow. A lot of resources are available with regards to OAuth 2 by doing a quick search on the internet. Below is described how this applies to the MediaLab API.
The MediaLab API supports the authorization code and refresh token grants. A typical authentication flow looks like this:
In order to use the API you will need to register an API client with us. It is currently not possible to do this online, please send us an email at firstname.lastname@example.org and we will gladly create one for you.
One API client can be used for all MediaLab environments, e.g. both https://companyX.medialab.co and https://companyY.medialab.co. The API itself can be accessed by appending "/api" to the channel URL, e.g. https://company.medialab.co/api/.
When registering your app you will need to provide us with a valid redirect URI, to which the user will be redirected after an authorization call. We allow only one redirect URI per app, so you will receive different credentials for testing/staging/production environments.
A valid access token is required for all requests to the API, except for the /api/oauth2 endpoints, and can be retrieved as described under "Authentication". This access token can be provided in several ways according to the OAuth2 specification:
When requesting an authorization code you need to provide the scopes for the session.
Please do note that only scopes the user has access to will be available.
Example: if the user has not been given upload rights within MediaLab, the upload scope will not be available. The available scopes for a user can be checked at the /api/user/info endpoint.
To request multiple scopes on the initial authorization attempt, provide a space separated list of scopes to the /api/oauth2/authorize endpoint. If you require a scope that you did not originally request when retrieving the access token, you must forward the user with the new scopes to the /api/oauth2/authorize endpoint so that the user can grant you access.
|basic||Basic read acces to files and folders|
|user.info||View user profile (includes name and email address)|
|manage||Edit / remove files and folders|
|share||Share files either by mail or embed code.|
If you are not developing an application to be used by other users, but only need access to your personal account, we allow authentication using a private token. This can also be used to access your account from a command-line application as it does not require a manual action once it has been set up. Please note this method should only be used for your personal account, and your private token should never be shared with someone else. It provides full access to your account.
The private token can be generated when you are logged in, by browsing to "Settings", then under "Profile" choose "API access". Currently we allow 1 private token per account. You can generate / revoke the token and use it directly with our API.
Once you have generated your private token, there are 2 ways to pass your token:
curl https://demo.medialab.co/user/info -H "Authorization: Private-Token [TOKEN_GOES_HERE]"
curl -X POST https://demo.medialab.co/upload/file -F "private_token=[TOKEN_GOES_HERE]"