Authentication
Learn how to authenticate with the Mediaflow API using OAuth 2.0—obtain access tokens and securely authorize requests to access Mediaflow resources.
OAuth2 Authentication
Authentication to the Mediaflow API is handled via OAuth 2.0, using the token endpoint:
The following grant_type values are supported:
refresh_token
authorization_code
password
All authentication requests require a client_id and client_secret.
1. Authorization Code Flow (grant_type=authorization_code)
Use this flow for user-based authentication (typically in web applications).
Step 1: Redirect to Authorization URL
Redirect the user to:
https://login.mediaflowpro.com/authorize
With the following query parameters:
Parameter | Description |
---|---|
response_type | Must be "code" |
client_id | API client identifier |
redirect_uri | The URI to redirect the user after authentication |
state | (Optional) A client-specific value returned in the response |
Step 2: Exchange Code for Tokens
After the user authorizes and is redirected, exchange the code at:
POST https://accounts.mediaflow.com/1/oauth2/token
Request Parameters
grant_type=authorization_code
code (the code received from the redirect)
client_id
client_secret
redirect_uri (must match the one used in Step 1)
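The two steps above as an added Python example (not Mediaflow's own code). It goes slightly beyond the text by generating an unguessable state in Step 1 and rejecting the redirect unless the same value comes back. It assumes the redirect carries code and state as query parameters and that the token endpoint accepts form-encoded POST parameters, as in standard OAuth 2.0; the function names are hypothetical.

```python
import hmac
import secrets
import urllib.parse
import urllib.request

AUTHORIZE_URL = "https://login.mediaflowpro.com/authorize"   # Step 1 URL from this page
TOKEN_URL = "https://accounts.mediaflow.com/1/oauth2/token"  # Step 2 URL from this page


def build_authorize_url(client_id, redirect_uri):
    """Return (url, state); keep state in the user's server-side session."""
    state = secrets.token_urlsafe(32)  # unguessable, one per login attempt
    query = urllib.parse.urlencode({
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "state": state,
    })
    return f"{AUTHORIZE_URL}?{query}", state


def parse_callback(callback_url, expected_state):
    """Return the code from the redirect, or raise if state does not match."""
    params = urllib.parse.parse_qs(urllib.parse.urlsplit(callback_url).query)
    returned = params.get("state", [""])[0]
    # Constant-time comparison on bytes. A mismatch means this redirect does
    # not belong to the login this session started, so the code is discarded.
    ok = bool(expected_state) and hmac.compare_digest(
        returned.encode(), expected_state.encode())
    if not ok:
        raise ValueError("state mismatch: rejecting authorization response")
    codes = params.get("code")
    if not codes or len(codes) != 1:
        raise ValueError("missing or duplicated code parameter")
    return codes[0]


def build_token_request(code, client_id, client_secret, redirect_uri):
    """Build (without sending) the Step 2 POST request."""
    # Assumption: parameters are form-encoded in the body, so client_secret
    # never appears in a URL, proxy log or Referer header.
    body = urllib.parse.urlencode({
        "grant_type": "authorization_code",
        "code": code,
        "client_id": client_id,
        "client_secret": client_secret,
        "redirect_uri": redirect_uri,  # must match the Step 1 value
    }).encode()
    return urllib.request.Request(TOKEN_URL, data=body, method="POST")
```

Send the request from server-side code only (for example with `urllib.request.urlopen`), and discard the stored state after one use.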
2. Refresh Token Flow (grant_type=refresh_token)
Use this flow to obtain a new access_token using a valid refresh_token.
Request Parameters
Parameter | Description |
---|---|
grant_type | Must be "refresh_token" |
client_id | API client identifier |
client_secret | API client secret |
refresh_token | Refresh token obtained earlier |
3. Resource Owner Password Credentials Flow (grant_type=password)
Not all client_id values support the password grant type. Check with your account administrator if unsure.
Use this flow for trusted applications where username and password can be securely handled.
Request Parameters
Parameter | Description |
---|---|
grant_type | Must be "password" |
client_id | API client identifier |
client_secret | API client secret |
username | User’s username |
password | User’s password |
state | (Optional) Returned in the response |
Response Format
All successful token requests return a JSON response like the following:
{
"access_token": "abc123",
"refresh_token": "xyz789", // Only for applicable flows
"token_type": "Bearer",
"expires_in": 3600,
"state": "optional-value"
}
Field | Description |
---|---|
access_token | Token to use in the Authorization header of API calls |
refresh_token | Token used to refresh the access token (if applicable) |
token_type | Always "Bearer" |
expires_in | Time in seconds the access token is valid |
state | Echoes the state parameter if it was included in the request |
Note: The presence of a refresh_token and the value of expires_in depend on the client_id used.