The Blue Billywig “Server API” (sapi) requires authentication using time based one time passwords (TOTP).
1.0 | Calculate a token
- Create an API key (learn more about creating and managing API keys)
- In the API key details:
- Copy the shared secret and key id;
>
>Prevent access to your credentialsAPI keys offer access to your data. Make sure you don’t expose your API credentials in public repositories or client-side code.
- Copy the shared secret and key id;
- Apply a token expiration / TTL (“time to live”) of 120 seconds.
2.0 | Authenticate an API call
In the header of your API call, pass “rpctoken” containing both the API key id as well as a 10 digit calculated token:
{API_KEY_ID}-{CALCULATED_TOKEN}For example:
123-9784651320
Alternatively, pass the “rpctoken” as a query parameter on the URL. For example:
https://yourcompany.bbvms.com/sapi/mediaclip/1234567?rpctoken=123-9784651320
3.0 | Code Examples
The following example uses the otplib package to calculate a 10 digit time-based token with an expiration of 120 seconds. The calculated token should then be concatenated together with the API key id and passed in the header as “rpctoken” in your API call.
The fetch package is used to make the API call.
Install otplib and fetch:
npm i otplib
npm i node-fetch
Example code to request the clip data of clip 1234567:
The following example uses a PHP class for HMAC Based One Time Passwords (https://github.com/Jakobo/hotp-php) to calculate a 10 digit time-based token with a expiration of 120 seconds.
Concatenate the calculated token together with the API key id and pass in the header as “rpctoken” in your API call.
<?php
include_once("/PATH/TO/hotp.class.php");
$apiKeyId = '123';
$sharedSecret = '12345678f9e01dc2ba3e4d56c7b89ae0';
$expire = 120;
$result = HOTP::generateByTime($sharedSecret, $expire, time());
$output = $apiKeyId . '-' . $result->toString();
echo $output;
?>