When you want to use the API you need an api_key and an api_secret, provided by Flipbase. The api_secret will be used to generate (server side) signatures to send authenticated requests.

The Flipbase API enables access to resources like organizations, collections and videos. Authentication of the API is modeled after Amazon's signed URL framework. The API utilizes RFC 2104 and RFC 4868 compliant HMAC's.

Requests without signature will be denied.

Create a signed request

The Flipbase API will deny all non-authorized requests by default. You can authorize a request using the Authorization header in the following format: <FLIPBASE_API_KEY>:<Signature>

Signed requests

StringToSign = HTTP-Verb + "\n" +
    URI-encode( <Path> ) + "\n" +

Signature = Base64( HMAC-SHA256( <FLIPBASE_API_SECRET>, UTF-8-Encoding-Of( <StringToSign> ) ) );

Using a signature in API requests

DELETE /api/videos/<VIDEO_ID> HTTP/1.1
Date: Date
Authorization: Signature <FLIPBASE_API_KEY>:<Signature>

Using the signature with the Flipbase Player.js

Just create a signature the way you do with any API request, but append the elements you've used in the StringToSign in querystring like style to the signature. NOTE: the URI-encoded path should equal: '/api/videos/' when creating signatures to be used along with the video player.

SignatureString = 'signature=<SIGNATURE>&' +
  'api_key=<FLIPBASE_API_KEY>&' +

Add this signature to each Flipbase HTML video element on the page;

<video type="flipbase" data-video-id="786553529-a24e-22ae-cca6-891861f7895" data-signature="<SIGNATURE_STRING>"></video>

StringToSign attributes

The string to sign that is used to create the signature is build using 3 attributes: the verb, path and date

Attributes Description
HTTP-Verb Uppercase plain-text (e.g GET, POST, PUT or DELETE)
Path URI path and query paramaters ((in lowercase characters only, excluding hostname)
Date The date value should be identitcal to the value provided in the Date or X-Flipbase-Date header. The Date is the current UTC time in ISO 8601 format (for example, 2016-08-08T09:04:29Z).


It's also possible to send these parameters along in the query instead of headers of the request.

Header Required Descriptions
Date only if X-Flipbase-Date is omitted The value of the Date header must be in one of the RFC 2616 formats. Some HTTP client libraries do not expose the ability to set the Date header for a request. If you have trouble including the value of the Date header in the headers, you can set the timestamp for the request by using an X-Flipbase-Date header instead.
X-Flipbase-Date only if Date header is omitted The value of the X-Flipbase-Date header must be in one of the RFC 2616 formats. When an X-Flipbase-Date header is present in a request, the system will ignore any Date header when computing the request signature.
Authorization yes Prepend the : string with Signature.

results matching ""

    No results matching ""