Skip to content

Authentication

All Video Toolkit users are managed in a DRMtoday Merchant Account. The DRMtoday Central Authentication System DRMtoday CAS (Central Authentication System) is used for authentication of VTK-API calls and user interaction. Please find more information if needed in the DRMtoday documentation.

User Accounts

DRMtoday provides two different user account types which must be maintained by the Superuser of your Organization.

API

Example: castlabs::vtk

Based on Organization ID and Password. API accounts can be restricted to access only certain interfaces and tasks to harden security.

User

Example: user@castlabs.com

Based on EMail Address and Password. To be used for administrative tasks on the Video Toolkit user interface only.

Hosts

VTK Production https://vtk.castlabs.com

VTK Staging https://vtks.castlabs.com

To authenticate a VTK API call to execute a job (i.e. castlabs::test) there are always two steps: "Login" and "Ticket retrieval", each consisting of a POST request.

Authentication Example using cURL:

export DRMTODAY_PASSWORD="your DRMToday password"
export DRMTODAY_USERNAME="{{ user.username }}"

export CAS_TICKETS_URL="{{ settings.CAS_SERVER_URL }}v1/tickets"
export APP_URL="https://{{ settings.HOSTNAME }}/api/"

requests are made to the CAS system to get the ticket:

export CREDENTIALS="username=$DRMTODAY_USERNAME&password=$DRMTODAY_PASSWORD"
export TICKET_LOCATION=`curl -v -X POST -H content-type:application/x-www-form-urlencoded -d $CREDENTIALS $CAS_TICKETS_URL 2>&1 | grep -Eo 'location: [a-zA-Z0-9\:;\/\.%&\-]*' | awk '{printf $2}'`
export CAS_TICKET=`curl -v -X POST -H content-type:application/x-www-form-urlencoded -d "service=$APP_URL" $TICKET_LOCATION`

from now on, use the value of $CAS_TICKET to authenticate requests to the VideoToolkit API. A very simple method to confirm whether everything is working is to execute:

curl -v -H "Authorization: Ticket $CAS_TICKET" -H content-type:application/json  $APP_URL

If this call returns 200 OK you are now authorized to do actual requests.