Prepr Documentation

Prepr Documentation

Welcome to the Prepr Documentation. You'll find comprehensive guides and documentation to help you start working with Prepr as quickly as possible, as well as support if you get stuck. Let's jump right in!

Get Started    

Authentication flow

Any client requesting content from the API needs to provide an access token. You have two options to supply the access token, either as an Authorization request header field, or as an access_token URI query parameter. Our API implements the standardized OAuth 2.0 bearer token specification already supported by many HTTP clients like Guzzle or Postman.

About application-only auth

Tokens are passwords

Keep in mind that the consumer key & secret, access token credentials, and the access token itself grant access to make requests on behalf of an application. These values should be considered as sensitive as passwords and must not be shared or distributed to untrusted parties.

SSL required

This manner of authentication is only secure if SSL is used. Therefore, all requests (both to obtain and use the tokens) must use HTTPS endpoints. Non-https request will aways respond with the following error:

{
    "code": 403,
    "message": "Forbidden",
    "type": "HttpNotAllowed",
    "dbtrace": "GAE.1518723042.4213"
}

Requesting an access token with scopes

After creating an application key, you can use it to request access tokens by issuing a HTTP POST request to /oauth/access_token

Authenticate a request

To access the Mediaconnect API you first need to authenticate your app with an OAuth bearer token.

A token provides scoped access to a single environment, you need to obtain another token for every new enviroment you want to access.

We recommend using different access tokens for different applications or front end applications, for example, one for an iOS app and another for Android app. This allows you to revoke them individually in the future and manage access independently.

There are two ways to send the authentication token to an API. You can include it as a query parameter, access_token=$token, or as an HTTP header Authorization: Bearer $token. The header method is preferred.

# As a header
curl -v https://api.eu1.graphlr.io/v5/publications -H 'Authorization: Bearer sdfghjk-lkygdhm-ajsdggahsjdiui34j0-hghjdak'
# As a query parameter
curl -v https://api.eu1.graphlr.io/v5/publications?access_token=sdfghjk-lkygdhm-ajsdggahsjdiui34j0-hghjdak

If you fail to include a valid access token, you will receive an error message like this:

{
    "code": 401,
    "message": "Unauthorized",
    "dbtrace": "GAE.1518722622.2355"
}