Requesting a tokenized URL from a media URL without token.
support, ws.webtv, api, clips, get_xtokenized_url
GET vars specific to this request:
Var | Value | Description |
go | clips | The API section |
do | get_xtokenized_url | The API action |
iq | URL | URL that requires the token (URL Encoded) |
Resulting Request URL:
The resulting request URL would be similar to this (don't forget to append the required info: key, timestamp, salt and signature):
https://....../api.php?go=clips&do=get_xtokenized_url&iq={url}&{required information}
The following POST vars are required.
Var | Value | Description |
id_clip | (int) Clip ID | The ID of the Clip the media is associated to |
id_user | (int) User ID | The ID of the User logged in the WebTV |
The following POST var is optional (but recommended).
Var | Value | Description |
ip | (string) IP Address | The (public) IP of the User who will watch the media. If you do not provide it, the system will use the detected IP (the IP of the application which may -or may not- match the IP of the User who will watch the media). |
If the request was successful, you'll receive a response containing:
• original_url: The original URL.
• tokenized_url: The tokenized URL.
• used_ip: The IP used to generate the signature.
Example:
{ "original_url": "http:\/\/...urltotokenize...", "tokenized_url": "http:\/\/...urltotokenize...?token=xds56f4sadf86asdf87asdf4asd53", "used_ip": "xxx.xxx.xxx.xxx" }
If the request failed (for example, if no signature was provided in the request), you'll receive a response like the following:
{ "error" : "REQUEST_ERROR", "error_long" : "Missing signature" }
Possible Error Messages
Check the general errors.
Preparing GET and POST data.
// The GET vars $GET_VARS = array( "go" => "clips", "do" => "get_xtokenized_url", "iq" => "http://...urltosign..." ); // The POST vars $POST_VARS = array( "id_clip" => 551, "id_user" => 3, "ip" => "xxx.xxx.xxx" );
Generating the salt, timestamp, signature and sending the request
*** The following code block is common to all signed requests ***
// Collect the API Base URL and Credential info $API_URL = "https://www.mywebtvdomain.tv/api.php"; $API_KEY_ID = "1b323a1cb879fd4e66530fbad07a32ee"; $API_SHARED_SECRET = "MWIzMjNhMWNiODc5ZmQ0ZTY2NTMwZmJhZDA3YTMyZWViOTQ3MDJiOGM2ZTU2NjE3"; // keep this safe!!! // Generating salt and timestamp $salt = md5(mt_rand()); $timestamp = time(); $signature = base64_encode(hash_hmac('sha256', $salt.$timestamp, $API_SHARED_SECRET, true)); // Generating the validation signature // - Default method: using base64_encode(hash_hmac(...)) $signature = base64_encode(hash_hmac('sha256', $salt.$timestamp, $API_SHARED_SECRET, true)); // comment this line if using the next method // - Simplified method - available since v60: using md5(). // This method requires the variable $API_SIGNATURE_GENERATION_MODE = 1; in the config/Config.inc.php file. // $signature = md5($salt."-".$timestamp."-".$API_SHARED_SECRET); // you must "uncomment" this line when using the simplified method // Append the timestamp, salt, key and signature to the GET vars $GET_VARS["timestamp"] = $timestamp; // UTC timestamp $GET_VARS["salt"] = $salt; $GET_VARS["key"] = $API_KEY_ID ; // The API Key ID: This is public and is used by the API to identify the application; $GET_VARS["signature"] = $signature; // Create the request URL. Please note that if you do not use PHP buit in function // to create the HTTP query then don't forget to URL encode the values $REQUEST_URL = $API_URL."?".http_build_query($GET_VARS); // The previous will build an URL like .../api.php?go=api_subject&do=api_action&etc... // Create a new cURL resource and set the appropriate options $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $REQUEST_URL); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_HEADER, false); curl_setopt($ch, CURLOPT_POSTFIELDS, $POST_VARS); // If your PHP host does not have a valid SSL certificate, you will need to turn off SSL // Certificate Verification. This is dangerous (!), and should only be done temporarily // until a valid certificate has been installed curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false); // Turns off verification of the SSL certificate. curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); // Turns off verification of the SSL certificate. // Sending the request to the API $response = curl_exec($ch); // Processing the response if (!$response) { echo 'API call failed'; } else { print_r(json_decode($response,true)); }