Getting started with SAPI

The Blue Billywig Online Video Platform is a full service platform for managing and publishing audiovisual content. SAPI is the Server API that can be used to manage, publish and retrieve content from (web) applications.

This section of the support site contains information about general usage and authentication, as well as a list of supported endpoints and routes. The SAPI is a RESTful API that uses JSON notation for most content representations. Authentication is required using time based tokens on a shared secret..

The user interface of the Online Video Platform is also accessible using the SAPI. That makes it a very relevant reference implementation. If you ever need to “reverse lookup” the inner workings of a functionality in the Online Video Platform, open the “Network Panel” of the developer tools in any browser and scan for requests that match ‘/sapi’.

1.0 | Client software

SAPI can be used through several publicly available REST clients. There are also basic wrappers for PHP, NodeJS and Java. As part of the onboarding process, you will receive a shared secret. If you didn’t receive the secret, please contact support.


Shared secrets are case sensitive. The following structure/format is used: 123-MyVerySecretSecret

This shared secret can be used to calculate time-based tokens. SAPI uses the HOTP algorithm for token calculation.  Read more about HOTP here.

Our SAPI wrappers have built-in authentication management, so configuring credentials is sufficient to get users up and running. For most actions, only the “editor” and “publisher” user roles are necessary. Besides the standard SAPI wrappers, it’s possible to have ready made implementations of the HMAC standard for several programming and environments. These are some platform specific examples:


“Speakeasy” package


npm install speakeasy request

Example file : speak.js :

var speakeasy = require("speakeasy")
var secret='mySecretSecret';
var token = speakeasy.totp({
  secret: secret,
  digits: 10,
  step: 120
var request = require('request');
var url = "[](" + token;
request.get( {
    url : url
  }, function(error, response, body) {
      console.log('body : ', body);
      console.log('response : ', response);
  } );

HOTP framework in php

Use the HOTP::generateByTime

method providing the shared secret (without ID- prefix) + a 120 second time window.

Apply the ID-prefix to the generated token and send it via the http header “rpctoken”.

Updated on February 16, 2021

Was this article helpful?

Related Articles