Resume authentication session
Last update: March 5, 2025
- Topics:
- Authentication
IMPORTANTThe content on this page is provided for information purposes only. Usage of this API requires a current license from Adobe. No unauthorized use is permitted.
IMPORTANTREST API V2 implementation is bounded by the Throttling mechanism documentation.
Related Articles
Make sure to also visit the REST API V2 FAQs.
Request
HTTP
path
/api/v2/{serviceProvider}/sessions/{code}
method
POST
Path Parameters
serviceProvider
The internal unique identifier associated with the Service Provider during onboarding process.
required
code
The authentication code obtained after creating the authentication session on the streaming device.
required
Body Parameters
mvpd
The internal unique identifier associated with the Identity Provider during onboarding process.
If the streaming device platform has limitations in providing a value, then an application will have to resume the authentication session and provide a valid value.
If the streaming device platform has limitations in providing a value, then an application will have to resume the authentication session and provide a valid value.
required
domainName
The originating domain of the application performing MVPD login.
If the streaming device platform has limitations in providing a value, then an application will have to resume the authentication session and provide a valid value.
If the streaming device platform has limitations in providing a value, then an application will have to resume the authentication session and provide a valid value.
required
redirectUrl
The final redirect URL to which the user agent navigates when the authentication flow for the MVPD is completed.
The value must be URL-encoded.
If the streaming device platform has limitations in providing a value, then an application will have to resume the authentication session and provide a valid value.
The value must be URL-encoded.
If the streaming device platform has limitations in providing a value, then an application will have to resume the authentication session and provide a valid value.
required
Headers
Authorization
The generation of the bearer token payload is described in the Authorization header documentation.
required
Content-Type
The accepted media type for the resources being sent.
It must be application/x-www-form-urlencoded.
It must be application/x-www-form-urlencoded.
required
X-Forwarded-For
The IP address of the streaming device.
It is strongly recommended to always use it for server to server implementations, particularly when the call is made by the programmer service rather than the streaming device.
For client to server implementations, the IP address of the streaming device is sent implicitly.
It is strongly recommended to always use it for server to server implementations, particularly when the call is made by the programmer service rather than the streaming device.
For client to server implementations, the IP address of the streaming device is sent implicitly.
optional
Accept
The media type accepted by the client application.
If specified, it must be application/json.
If specified, it must be application/json.
optional
User-Agent
The user agent of the client application.
optional
Response
Code
Text
Description
200
OK
The response body contains information about the next actions needed to perform authentication.
400
Bad Request
The request is invalid, the client needs to correct the request and try again. The response body may contain error information that adheres to the Enhanced Error Codes documentation.
401
Unauthorized
The access token is invalid, the client needs to obtain a new access token and try again. For more details refer to the Dynamic Client Registration Overview documentation.
405
Method Not Allowed
The HTTP method is invalid, the client needs to use an HTTP method that is permitted for the requested resource and try again. For more details refer to the Request section.
500
Internal Server Error
The server side encountered an issue. The response body may contain error information that adheres to the Enhanced Error Codes documentation.
Success
Headers
Status
200
required
Body
JSON object having the following attributes:
Attribute
actionName
The action that the streaming device needs to perform in order to complete the authentication flow.
The possible values are:
- authenticate
The streaming device or another device needs to open the provided URL in a user agent. - retry
The streaming device or another device needs to provide the missing parameters and retry resuming the authentication session using the code. - authorize
The streaming device can directly proceed with decisions flows.
required
actionType
The type of interaction the streaming device must perform in order to continue the flow with the action specified by the 'actionName' attribute.
The possible values are:
- interactive
The flow continues with a navigation to the provided URL using a user agent. - direct
The flow continues with a direct call to the provided URL using an HTTP client available for the client implementation.
required
reasonType
The type of reason that explains the 'actionName'.
The possible values are:
- none
The client application is required to continue to authenticate. - authenticated
The client application is already authenticated through basic access flows. - temporary
The client application is already authenticated through temporary access flows. - degraded
The client application is already authenticated through degraded access flows.
required
missingParameters
The missing parameters that need to be provided in order to complete the basic authentication flow.
optional
url
The URL where the client application needs to navigate.
optional
code
The authentication code that can be used on a secondary application to resume the authentication session.
required
sessionId
The opaque identifier that can be used for tracking user activity.
required
mvpd
The internal unique identifier associated with the Identity Provider during onboarding process.
optional
serviceProvider
The internal unique identifier associated with the Service Provider during onboarding process.
required
notBefore
The timestamp before which the authentication code is not valid.
optional
notAfter
The timestamp after which the authentication code is not valid.
optional
required
Error
Headers
Status
400, 401, 405, 500
required
Content-Type
application/json
required
Body
The response body may provide additional error information that adheres to the Enhanced Error Codes documentation.
required
Samples
1. Resume authentication session without missing parameters
Request
POST /api/v2/REF30/sessions/8BLW4RW HTTP/1.1
Authorization: Bearer eyJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJjNGZjM2U3ZS0xMmQ5LTQ5NWQtYjc0Mi02YWVhYzhhNDkwZTciLCJuYmYiOjE3MjQwODc4NjgsImlzcyI6ImF1dGguYWRvYmUuY29tIiwic2NvcGVzIjoiYXBpOmNsaWVudDp2MiIsImV4cCI6MTcyNDEwOTQ2OCwiaWF0IjoxNzI0MDg3ODY4fQ.DJ9GFl_yKAp2Qw-NVcBeRSnxIhqrwxhns5T5jU31N2tiHxCucKLSQ5guBygqkkJx6D0N_93f50meEEyfb7frbHhVHHwmRjHYjkfrWqHCpviwVjVZKKwl8Y3FEMb0bjKIB8p_E3txX9IbzeNGWRufZBRh2sxB5Q9B7XYINpVfh8s_sFvskrbDu5c01neCx5kEagEW5CtE0_EXTgEb5FSr_SfQG3UUu_iwlkOggOh_kOP_5GueElf9jn-bYBMnpObyN5s-FzuHDG5Rtac5rvcWqVW2reEqFTHqLI4rVC7UKQb6DSvPBPV4AgrutAvk30CYgDsOQILVyrjniincp7r9Ww
Content-Type: application/x-www-form-urlencoded
Accept: application/json
User-Agent: Mozilla/5.0 (Apple TV; U; CPU AppleTV5,3 OS 11.0 like Mac OS X; en_US)
Body:
mvpd=Cablevision&domainName=adobe.com&redirectUrl=https%3A%2F%2Fadobe.com
Response
HTTP/1.1 200 OK
Content-Type: application/json;charset=UTF-8
{
"actionName": "authenticate",
"actionType": "interactive",
"reasonType": "none",
"url": "/api/v2/authenticate/REF30/8ER640M",
"code": "8ER640M",
"sessionId": "1b614390-6610-4d14-9421-6565f6e75958",
"mvpd": "Cablevision",
"serviceProvider": "REF30",
"notBefore": "1733735289035",
"notAfter": "1733737089035"
}
2. Resume authentication session with missing parameters
Request
POST /api/v2/REF30/sessions/8BLW4RW HTTP/1.1
Authorization: Bearer eyJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJjNGZjM2U3ZS0xMmQ5LTQ5NWQtYjc0Mi02YWVhYzhhNDkwZTciLCJuYmYiOjE3MjQwODc4NjgsImlzcyI6ImF1dGguYWRvYmUuY29tIiwic2NvcGVzIjoiYXBpOmNsaWVudDp2MiIsImV4cCI6MTcyNDEwOTQ2OCwiaWF0IjoxNzI0MDg3ODY4fQ.DJ9GFl_yKAp2Qw-NVcBeRSnxIhqrwxhns5T5jU31N2tiHxCucKLSQ5guBygqkkJx6D0N_93f50meEEyfb7frbHhVHHwmRjHYjkfrWqHCpviwVjVZKKwl8Y3FEMb0bjKIB8p_E3txX9IbzeNGWRufZBRh2sxB5Q9B7XYINpVfh8s_sFvskrbDu5c01neCx5kEagEW5CtE0_EXTgEb5FSr_SfQG3UUu_iwlkOggOh_kOP_5GueElf9jn-bYBMnpObyN5s-FzuHDG5Rtac5rvcWqVW2reEqFTHqLI4rVC7UKQb6DSvPBPV4AgrutAvk30CYgDsOQILVyrjniincp7r9Ww
Content-Type: application/x-www-form-urlencoded
Accept: application/json
User-Agent: Mozilla/5.0 (Apple TV; U; CPU AppleTV5,3 OS 11.0 like Mac OS X; en_US)
Body:
mvpd=Cablevision&domainName=adobe.com
Response
HTTP/1.1 200 OK
Content-Type: application/json;charset=UTF-8
{
"actionName": "retry",
"actionType": "direct",
"reasonType": "none",
"url": "/api/v2/REF30/sessions/8BLW4RW",
"missingParameters": ["redirectUrl"]
"code": "8BLW4RW",
"sessionId": "1b614390-6610-4d14-9421-6565f6e75958",
"mvpd": "Cablevision",
"serviceProvider": "REF30",
"notBefore": "1733735289035",
"notAfter": "1733737089035"
}
3. Resume authentication session while a valid profile already exists
Request
POST /api/v2/REF30/sessions/8BLW4RW HTTP/1.1
Authorization: Bearer eyJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJjNGZjM2U3ZS0xMmQ5LTQ5NWQtYjc0Mi02YWVhYzhhNDkwZTciLCJuYmYiOjE3MjQwODc4NjgsImlzcyI6ImF1dGguYWRvYmUuY29tIiwic2NvcGVzIjoiYXBpOmNsaWVudDp2MiIsImV4cCI6MTcyNDEwOTQ2OCwiaWF0IjoxNzI0MDg3ODY4fQ.DJ9GFl_yKAp2Qw-NVcBeRSnxIhqrwxhns5T5jU31N2tiHxCucKLSQ5guBygqkkJx6D0N_93f50meEEyfb7frbHhVHHwmRjHYjkfrWqHCpviwVjVZKKwl8Y3FEMb0bjKIB8p_E3txX9IbzeNGWRufZBRh2sxB5Q9B7XYINpVfh8s_sFvskrbDu5c01neCx5kEagEW5CtE0_EXTgEb5FSr_SfQG3UUu_iwlkOggOh_kOP_5GueElf9jn-bYBMnpObyN5s-FzuHDG5Rtac5rvcWqVW2reEqFTHqLI4rVC7UKQb6DSvPBPV4AgrutAvk30CYgDsOQILVyrjniincp7r9Ww
Content-Type: application/x-www-form-urlencoded
Accept: application/json
User-Agent: Mozilla/5.0 (Apple TV; U; CPU AppleTV5,3 OS 11.0 like Mac OS X; en_US)
Body:
mvpd=Cablevision&domainName=adobe.com&redirectUrl=https%3A%2F%2Fadobe.com
Response
HTTP/1.1 200 OK
Content-Type: application/json;charset=UTF-8
{
"actionName": "authorize",
"actionType": "direct",
"reasonType": "authenticated",
"url": "/api/v2/REF30/decisions/authorize/Cablevision",
"sessionId": "1b614390-6610-4d14-9421-6565f6e75958",
"mvpd": "Cablevision",
"serviceProvider": "REF30"
}
4. Resume authentication session using basic or promotional TempPass (not required)
Request
POST /api/v2/REF30/sessions/8BLW4RW HTTP/1.1
Authorization: Bearer eyJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJjNGZjM2U3ZS0xMmQ5LTQ5NWQtYjc0Mi02YWVhYzhhNDkwZTciLCJuYmYiOjE3MjQwODc4NjgsImlzcyI6ImF1dGguYWRvYmUuY29tIiwic2NvcGVzIjoiYXBpOmNsaWVudDp2MiIsImV4cCI6MTcyNDEwOTQ2OCwiaWF0IjoxNzI0MDg3ODY4fQ.DJ9GFl_yKAp2Qw-NVcBeRSnxIhqrwxhns5T5jU31N2tiHxCucKLSQ5guBygqkkJx6D0N_93f50meEEyfb7frbHhVHHwmRjHYjkfrWqHCpviwVjVZKKwl8Y3FEMb0bjKIB8p_E3txX9IbzeNGWRufZBRh2sxB5Q9B7XYINpVfh8s_sFvskrbDu5c01neCx5kEagEW5CtE0_EXTgEb5FSr_SfQG3UUu_iwlkOggOh_kOP_5GueElf9jn-bYBMnpObyN5s-FzuHDG5Rtac5rvcWqVW2reEqFTHqLI4rVC7UKQb6DSvPBPV4AgrutAvk30CYgDsOQILVyrjniincp7r9Ww
Content-Type: application/x-www-form-urlencoded
Accept: application/json
User-Agent: Mozilla/5.0 (Apple TV; U; CPU AppleTV5,3 OS 11.0 like Mac OS X; en_US)
Body:
mvpd=TempPass_TEST40&domainName=adobe.com&redirectUrl=https%3A%2F%2Fadobe.com
Response
HTTP/1.1 200 OK
Content-Type: application/json;charset=UTF-8
{
"actionName": "authorize",
"actionType": "direct",
"reasonType": "temporary"
"url": "/api/v2/REF30/decisions/authorize/TempPass_TEST40",
"sessionId": "1b614390-6610-4d14-9421-6565f6e75958",
"mvpd": "TempPass_TEST40",
"serviceProvider": "REF30"
}
5. Resume authentication session while degradation is applied
Request
POST /api/v2/REF30/sessions/8BLW4RW HTTP/1.1
Authorization: Bearer eyJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJjNGZjM2U3ZS0xMmQ5LTQ5NWQtYjc0Mi02YWVhYzhhNDkwZTciLCJuYmYiOjE3MjQwODc4NjgsImlzcyI6ImF1dGguYWRvYmUuY29tIiwic2NvcGVzIjoiYXBpOmNsaWVudDp2MiIsImV4cCI6MTcyNDEwOTQ2OCwiaWF0IjoxNzI0MDg3ODY4fQ.DJ9GFl_yKAp2Qw-NVcBeRSnxIhqrwxhns5T5jU31N2tiHxCucKLSQ5guBygqkkJx6D0N_93f50meEEyfb7frbHhVHHwmRjHYjkfrWqHCpviwVjVZKKwl8Y3FEMb0bjKIB8p_E3txX9IbzeNGWRufZBRh2sxB5Q9B7XYINpVfh8s_sFvskrbDu5c01neCx5kEagEW5CtE0_EXTgEb5FSr_SfQG3UUu_iwlkOggOh_kOP_5GueElf9jn-bYBMnpObyN5s-FzuHDG5Rtac5rvcWqVW2reEqFTHqLI4rVC7UKQb6DSvPBPV4AgrutAvk30CYgDsOQILVyrjniincp7r9Ww
Content-Type: application/x-www-form-urlencoded
Accept: application/json
User-Agent: Mozilla/5.0 (Apple TV; U; CPU AppleTV5,3 OS 11.0 like Mac OS X; en_US)
Body:
mvpd=Cablevision&domainName=adobe.com&redirectUrl=https%3A%2F%2Fadobe.com
Response
HTTP/1.1 200 OK
Content-Type: application/json;charset=UTF-8
{
"actionName": "authorize",
"actionType": "direct",
"reasonType": "degraded",
"url": "/api/v2/REF30/decisions/authorize/Cablevision",
"sessionId": "1b614390-6610-4d14-9421-6565f6e75958",
"mvpd": "Cablevision",
"serviceProvider": "REF30"
}
recommendation-more-help
3f5e655c-af63-48cc-9769-2b6803cc5f4b