Authenticate and authorize users

Your video content is valuable and only authorized users should be permitted to view it. When a user launches your app, your app must identify the user and the content available to the user. JWP enables you to both identify users and manage their access to your content.


Existing appApp connected to a JWP property

The app can also be enabled for web and third-party payments.
Asset ID & Client IDIDs that enable access to content when combined:
  • Asset ID: Subscription asset that must be purchased to watch content on the app
  • Client ID: Authentication realm where user account is created
Contact your JWP representative for more information.

Set user authentication and authorization#

Follow these steps to enable authentication and authorization for an existing user:

  1. Log in an existing user account by calling POST /v2/accounts/authenticate (REST API) or InPlayer.Account.signIn() (JavaScript).

    When the request succeeds, JWP returns a unique user authentication token. When the request fails, JWP returns a failure response.


    curl -L -X POST '' \
    -H 'Content-Type: application/x-www-form-urlencoded' \
    --data-urlencode '' \
    --data-urlencode 'password=test123' \
    --data-urlencode 'grant_type=password' \
    --data-urlencode 'client_id=123-123-hf1hd1-12dhd1' \


    email: '',
    password: 'test123',
    cliendId: '123-123-hf1hd1-12dhd1',
    referrer: 'http://localhost:3000/'
    .then(data => console.log(data));
  2. Validate the user's access by calling GET /v2/items/jw-media/token?app_config_id={appConfigId}&media_id={mediaId} (REST API) or checkAccessForAsset() (Javascript).

    If access to the asset is verified, the method returns the content in the response that you can display in your app. If access to the asset cannot be verified, your app should redirect the user to your payment page to re-enter payment details.


    curl{appConfigId}&media_id={mediaId} \
    -H "Authorization:Bearer <token>"


    .then(data => console.log(data))
    .catch(error => error.response.json().then(data => console.log("Error", data)));

After you have validated the user's access, you can fetch the content by media ID and begin playback.

If you use an app config to manage your content, you can obtain the media ID from the contentId parameter of the app config URL.


You can add URL signing or digital rights management (DRM) for extra layers of content protection.