Create Client Credentials

This sample allows you to create client credentials for one or more accounts, assigning them the API permissions you choose.

Introduction

Getting client credentials is a one-time prerequisite for getting access tokens, which the majority of Brightcove APIs use to authenticate requests.

For a full explanation of client credentials, see how the Brightcove OAuth service works.

This sample shows you how to get client credentials from a web app. Because the OAuth API is not CORS-enabled and requests must be made from the server side, the app sends the necessary information to a proxy, which then makes the API request and sends the response back to the client. The proxy here is written in PHP, but any server-side language will do - you just need to be able to send a POST request to the app over the internet.

Getting your BC_TOKEN

To get a client_id and client_secret via the OAuth API, you will need a BC_TOKEN to authenticate your request. Your BC_TOKEN is set as a cookie when you log in to Studio. You can get that cookie any way you like, but to make it easier, we have created the following JavaScript snippet - you can paste it into the developer console when you are logged into Studio, press return, and a prompt will appear containing the BC_TOKEN:

Get credentials app

Source code

Find all the code associated with this sample in this GitHub repository.

Sample app

See the Pen OAuth API Sample: Create Client Credentials by Brightcove Learning Services (@rcrooks1969) on CodePen.

Using the CodePen

Here are some tips to effectively use the above CodePen:

  • Toggle the actual display of the player by clicking the Result button.
  • Click the HTML/CSS/JS buttons to display ONE of the code types.
  • Click Edit on CodePen in the upper right corner to fork this CodePen into your own account.
  • Find all the code associated with this sample in this GitHub repository.

Proxy code

To build your own version of the sample app on this page, you must create and host your own proxy. This proxy is somewhat different from the proxy used for most of our sample apps, because authentication for the OAuth API method for creating client credentials is different from that for general API authentication. Complete code for the proxy used here is shown below.

        <?php
        /**
         * client-credentials-proxy.php - proxy for Brightcove RESTful APIs
         * gets a client id and client secret and returns the whole response
         * Accessing:
         *         (note you should *always* access the proxy via HTTPS)
         *     Method: POST
         *
         * @post {string} bc_token - BC_TOKEN with admin permissions on all accounts that credentials are requested for
         * @post {JSONstring} requestBody - the full request body as a JSON string
         *
         * @returns {string} $response - JSON response received from the OAuth API
         */
        
        // security checks: accept only requests whose Referer contains an allowed host name
        // (the Referer header is supplied by the client, so this is a filter, not authentication)
        $referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
        $allowed_hosts = array(
            'solutions.brightcove.com',
            'ondemand.brightcovelearning.com',
            'video.brightcovelearning.com',
            's.codepen.io',
            'fiddle.jshell.net',
            'players.brightcove.net',
            'support.brightcove.com',
            'master-7rqtwti-6sglloa4yrkti.us.platform.sh'
        );
        $referer_ok = false;
        foreach ($allowed_hosts as $host) {
            // strict comparison: strpos() returns 0 for a match at the start of the string
            if (strpos($referer, $host) !== false) {
                $referer_ok = true;
                break;
            }
        }
        if (!$referer_ok) {
            exit('{"ERROR":"Only requests from https://docs.brightcove.com or https://solutions.brightcove.com are accepted by this proxy"}');
        }
        
        // CORS enablement and other headers
        header("Access-Control-Allow-Origin: *");
        header("Content-type: application/json");
        header("X-Content-Type-Options: nosniff");
        // a header needs a name and a value; "0" turns off the deprecated browser XSS auditor
        header("X-XSS-Protection: 0");
        
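        // get data or die
        if (!empty($_POST["requestBody"])) {
            $data = json_decode($_POST["requestBody"]);
            if ($data === null) {
                exit("request body is not valid JSON");
            }
        } else {
            exit("request body missing");
        }
        // get request type or default to POST; accept only standard HTTP methods
        if (!empty($_POST["requestType"])) {
            $method = strtoupper($_POST["requestType"]);
            if (!in_array($method, array('GET', 'POST', 'PUT', 'PATCH', 'DELETE'), true)) {
                exit("request type not allowed");
            }
        } else {
            $method = 'POST';
        }
        // get bc_token or die; reject line breaks so the value cannot add extra request headers
        if (!empty($_POST["bc_token"]) && !preg_match('/[\r\n]/', $_POST["bc_token"])) {
            $bc_token = $_POST["bc_token"];
        } else {
            exit("bc_token missing");
        }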
        
        $request  = "https://oauth.brightcove.com/v4/client_credentials";
        $ch       = curl_init($request);
        curl_setopt_array($ch, array(
            CURLOPT_CUSTOMREQUEST  => $method,
            CURLOPT_RETURNTRANSFER => TRUE,
            // verify the OAuth server's certificate: the BC_TOKEN travels on this connection
            CURLOPT_SSL_VERIFYPEER => TRUE,
            CURLOPT_HTTPHEADER     => array(
                'Content-type: application/json',
                "Authorization: BC_TOKEN {$bc_token}"
            ),
            CURLOPT_POSTFIELDS => json_encode($data)
        ));
        $response = curl_exec($ch);
        // read the error message (if any) before the handle is closed
        $error    = ($response === FALSE) ? curl_error($ch) : '';
        curl_close($ch);
        
        // Check for errors
        if ($response === FALSE) {
            exit('An error occurred on making the request: ' . $error);
        } else {
          echo $response;
        }
        
        ?>
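
The Referer check in the proxy above looks for an allowed name anywhere in the header value. As an added example (not part of Brightcove's sample; the function names, the shortened host list and the sample Referer values are constructed for illustration), this compares that substring test with an exact match on the parsed host:

```php
<?php
// Added example, not Brightcove's code. Host names are a subset of the
// proxy's list; function names and sample values are hypothetical.
$allowed_hosts = array(
    'solutions.brightcove.com',
    'support.brightcove.com',
    'players.brightcove.net',
);

// Substring test, as in the proxy: true if an allowed name appears anywhere.
function referer_contains_allowed($referer, array $allowed) {
    foreach ($allowed as $host) {
        if (strpos($referer, $host) !== false) {
            return true;
        }
    }
    return false;
}

// Exact test: parse the URL, require https, compare the host component only.
function referer_host_allowed($referer, array $allowed) {
    $parts = parse_url($referer);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return false; // missing or unparseable Referer
    }
    if (strtolower($parts['scheme']) !== 'https') {
        return false;
    }
    return in_array(strtolower($parts['host']), $allowed, true);
}

// Constructed sample Referer values (not captured traffic).
$samples = array(
    'https://solutions.brightcove.com/bcls/sample.html',
    'https://solutions.brightcove.com.other.example/page',
    'https://other.example/?from=support.brightcove.com',
    '',
);

foreach ($samples as $referer) {
    printf("%-52s substring=%-5s exact=%s\n",
        $referer === '' ? '(no Referer header)' : $referer,
        var_export(referer_contains_allowed($referer, $allowed_hosts), true),
        var_export(referer_host_allowed($referer, $allowed_hosts), true));
}
```

Either form only filters where requests appear to come from, since the client sets the Referer header; the BC_TOKEN sent with each request is what the OAuth API uses to authenticate it.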