Authentication best practices


The Eagle Eye Media API offers users a range of authentication methods. Here is a summary of those methods:

Authentication methodUsageNotes
HTTP bearer access token in the authorization headerAll media types (live video, recorded video, and still images)The recommended method for all applications (web applications, mobile Apps, and OS-based applications)
Media cookiesThe MP4 format for recorded videosAn alternative option for implementing MP4 in the browser
Access token in the query string (RTSP)RTSP/RTSPS protocolAn alternative option for implementing RTSP
Web socket authentication messageTwo-way audioAn alternative option for connecting to the web socket

Eagle Eye recommends utilizing the HTTP Authorization header method for all API endpoints and media types, including live and recorded video or still images. This approach is suitable for all applications, including web-based, mobile Apps, and OS-based applications.

Alternatively, for those seeking implementation options, media cookies can be employed for MP4 format recorded videos.

For users working with the RTSP protocol, access tokens can be placed directly in the query string, allowing for a straightforward implementation using just one line of code.

Using the HTTP Authorization header

After logging in via OAuth there will always be an access token that can be used when making an API call. The access token can be passed along via the HTTP Authorization header.



This is the secure method for sending the access token and should be used whenever possible, except in the following cases.

Exceptions to using the HTTP Authorization header

When embedding media in the browser

The Eagle Eye Video API Platform makes it possible to embed video in the browser using the native HTML5 Video element. The benefit is that the player can be customized like any other player, it is easy to integrate, and it natively supports the progressive download feature as supported by browsers. To authenticate for the HTML5 video element, use media cookies.



Media cookies only authenticate for embedding media. All other requests should use the HTTP Authorization header.

For more information:

Live Video on Web

Recorded Video on Web

When using RTSP video streaming protocol

When integrating the RTSP or RTSPS (RTSP over TLS) API it is possible to use the Authorization header with the access token. Many RTSP clients do not support and therefore it is possible to add the access token into the query string. Only RTSP allows clients to add the access token query string. Other streaming methods require cookies or the usage of the HTTP Authorization header.

For more information:

RTSP Video

When using the two-way audio web socket connection

When integrating with the Two-Way Audio API you must authenticate the web socket with an authentication message.

For more information:

2-Way Audio (No SDK)