Authentication best practices
Introduction
The Eagle Eye Media API offers users a range of authentication methods. Here is a summary of those methods:
| Authentication method | Usage | Notes |
|---|---|---|
| HTTP bearer access token in the authorization header | All media types (live video, recorded video, and still images) | The recommended method for all applications (web applications, mobile Apps, and OS-based applications) |
| Media cookies | The MP4 format for recorded videos | An alternative option for implementing MP4 in the browser |
| Access token in the query string (RTSP) | RTSP/RTSPS protocol | An alternative option for implementing RTSP |
| Web socket authentication message | Two-way audio | An alternative option for connecting to the web socket |
Eagle Eye recommends utilizing the HTTP Authorization header method for all API endpoints and media types, including live and recorded video or still images. This approach is suitable for all applications, including web-based, mobile Apps, and OS-based applications.
Alternatively, for those seeking implementation options, media cookies can be employed for MP4 format recorded videos.
For users working with the RTSP protocol, access tokens can be placed directly in the query string, allowing for a straightforward implementation using just one line of code.
Using the HTTP Authorization header
After logging in via OAuth there will always be an access token that can be used when making an API call. The access token can be passed along via the HTTP Authorization header.
Important
This is the secure method for sending the access token and should be used whenever possible, except in the following cases.
Exceptions to using the HTTP Authorization header
When embedding media in the browser
The Eagle Eye Video API Platform makes it possible to embed video in the browser using the native HTML5 Video element. The benefit is that the player can be customized like any other player, it is easy to integrate, and it natively supports the progressive download feature as supported by browsers. To authenticate for the HTML5 video element, use media cookies.
Important
Media cookies only authenticate for embedding media. All other requests should use the HTTP Authorization header.
For more information:
When using RTSP video streaming protocol
When integrating the RTSP or RTSPS (RTSP over TLS) API it is possible to use the Authorization header with the access token. Many RTSP clients do not support and therefore it is possible to add the access token into the query string. Only RTSP allows clients to add the access token query string. Other streaming methods require mediaapi.c000.eagleeyenetworks.com cookies or the usage of the HTTP Authorization header.
For more information:
When using the two-way audio web socket connection
When integrating with the Two-Way Audio API you must authenticate the web socket with an authentication message.
For more information:
Updated about 1 year ago