Table of content

Platform API Authentication


Overview

Without being authenticated, you can only access public resources via the API, like public video titles, descriptions, etc.

In order to interact with a Dailymotion channel via the API, access its protected resources and perform account restricted actions (editing a video, creating a Player, etc), you need to be granted permission by the Dailymotion channel. This can be done via API keys generated from the Dailymotion Studio of the channel you intend to interact with.

The Dailymotion Platform API uses the OAuth 2.0 protocol to manage authentication and authorization flows between the API and third-party applications. Authorizations are granted via an access token delivered by our authorization server.

In this guide, we’ll walk you through the steps of the authentication process:

  1. Create an API key that will be used to grant permissions to users who need to interact with your Dailymotion account
  2. Authenticate with one of the available grant types
  3. Retrieve the access token
  4. Interact with the protected resources of the Dailymotion account using the above access token

Endpoints

The Platform API is compatible with both public and private API keys.
Check our FAQ article to know which type of API key you should use depending on your needs.

Depending on your API key, the endpoint to access the Platform API will be different:

Public API key
Private API key

https://api.dailymotion.com/

https://partner.api.dailymotion.com/

In the following guide, we’ll go through the authentication process describing the steps for each type of API key with examples.


1. Create an API key

As a first step, you need to create an API key from your Dailymotion Studio. Depending on your needs, follow the guide to create a public API key or a private API key.

Once created, you’ll retrieve an API key and an API secret: make sure to store them safely. Move on to step 2 once done.

2. Perform authentication

To access the protected resources of a Dailymotion account via the API, this account can grant permission via an access token issued by our authorization server.

Depending on your scenario and technology, different authorization methods – called “grant types” – can be used to retrieve an access token.

The following grant types are available with the Platform API – note that they aren’t all compatible with private API keys:

Grant typesValuePublic API keyPrivate API key
Client credentials

Used for server-to-server communication or when the client acts on its own behalf: the client sends its API key and API secret directly to the token endpoint
client_credentials
Password

Easy to implement, it should however only be used when there is a high degree of trust between the client application and the resource owner since the user’s credentials (username and password) are used to retrieve the access token
password
Authorization code

Used by web applications that can securely store the client secret. It is a 2-step process where an authorization code is granted first, then exchanged for an access token
authorization_code

Follow below the authentication steps dedicated to the grant type of your choice to retrieve an access token.

Client credentials grant type

To authenticate against the Platform API using the client_credentials grant type, you only need to pass in the API key and API secret generated in step 1 to retrieve an access token.

Make a POST request to https://partner.api.dailymotion.com/oauth/v1/token endpoint and include the following parameters:

  • grant_type: set to client_credentials to specify the grant type flow
  • client_id: the API key from step 1
  • client_secret: the API secret from step 1
  • scope: needs to be defined for specific permissions or access rights (read more about scopes)

Request example:

Private API key
Public API key
POST /oauth/v1/token HTTP/1.1
Host: partner.api.dailymotion.com
Content-Type: application/x-www-form-urlencoded

grant_type=client_credentials
    &client_id=<API_KEY>
    &client_secret=<API_SECRET>
    &scope=<SCOPE>

Please use password or authorization code grant types with public API key

If your request is successful, move on to the next step.

If you encounter errors, please refer to the list of common errors to help you troubleshoot the request.

Password grant type

Authentication via the password grant type relies on your Dailymotion credentials. If you update your credentials, please ensure you also update your API authentication workflow accordingly.

To authenticate against the Platform API using the password grant type flow, pass in the Dailymotion login credentials (username and password) along with the API key and secret generated in step 1.

Make a POST request to https://api.dailymotion.com/oauth/token endpoint and include the following parameters:

  • grant_type: set to password to specify the grant type flow
  • client_id: the API key from step 1
  • client_secret: the API secret from step 1
  • username: the username of the Dailymotion channel you want to access
  • password: the password of the Dailymotion channel you want to access
  • scope: needs to be defined for specific permissions or access rights (read more about scopes)

Request example:

Public API key
Private API key
POST /oauth/token HTTP/1.1
Host: api.dailymotion.com
Content-Type: application/x-www-form-urlencoded

grant_type=password
    &client_id=<API_KEY>
    &client_secret=<API_SECRET>
    &username=<USER_USERNAME>
    &password=<USER_PASSWORD>
    &scope=<SCOPE> 

Please use the client credentials grant type with private API keys

If your request is successful, move on to the next step.

If you encounter errors, please refer to the list of common errors to help you troubleshoot the request.

Authorization code grant type

Overview

The Authorization code grant type consists in obtaining an access token on behalf of a Dailymotion account after being granted permission via a code.

This method involves the following steps:

  1. Build your authorization page: Share your authorization URL, where your Dailymotion account can grant permission to a user to access specific resources
  2. Collect authorization code: Once the user is authentified, the authorization server will generate an authorization code
  3. Request an access token: Provide the authorization code to the authorization server to generate an access token representing the permission for this user to access the Dailymotion account protected resources
TLDR Authorization code:

 

  1. Redirect the user to https://api.dailymotion.com/oauth/authorize?response_type=code&client_id=YOUR_API_KEY&redirect_uri=YOUR_REDIRECT_URI
  2. Collect the authorization code from the code parameter
  3. Send a POST HTTP request https://api.dailymotion.com/oauth/token with your client_id, client_secret, code and redirect_uri

Implementation steps

Step 1 – Build your authorization URL

You need to build your authorization URL that includes the required parameters to be able to collect an authorization code.

The authorization URL https://api.dailymotion.com/oauth/authorize requires the following parameters:

  • response_type: Set to “code” to indicate that you want to receive an authorization code
  • client_id: The API key from previous step
  • redirect_uri: The redirection URI where the authorization server will send the user after successful authentication and consent. This URI needs to match the Callback URL of your API key. If these values are different, the authorization server will reject your request.
https://api.dailymotion.com/oauth/authorize?response_type=code&client_id=YOUR_API_KEY&redirect_uri=YOUR_REDIRECT_URI

If the user does not authorize your application, Dailymotion redirects the user to the redirect_uri you specified, and adds both error and error_description parameters to the query

Dynamic redirect URI:

 

If your redirect_uri has to contain a dynamic part, you can add a slug to the callback URL defined on your API key level, following this model:

http://www.example.org/callback/[SLUGNAME]

Step 2 – Collect authorization code

If the user is successfully logged in, the authorization server will generate an authorization code and redirect the user to the following URL: https://your-redirect-uri?code=AUTHORIZATION_CODE

In your application’s backend or server-side code, extract the authorization code from the code parameter, and store it securely as it will be used to request an access token in the next step.

Step 3 – Request an access token using the authorization code

The authorization code can now be sent to the Dailymotion token endpoint to generate an Oauth access token.

Make a POST request to the token server https://api.dailymotion.com/oauth/token with the following parameters:

  • grant_type: set to authorization_code to specify the grant type flow
  • client_id: the API key from previous step
  • client_secret: the API secret from previous step
  • redirect_uri: same URI than in previous step
  • code: authorization code retrieved in previous step
  • scope: needs to be defined for specific permissions or access rights (read more about scopes)

Request example:

Public API key
Private API key
POST /oauth/token HTTP/1.1
Host: api.dailymotion.com
Content-Type: application/x-www-form-urlencoded

grant_type=authorization_code
  &client_id=<API_KEY>
  &client_secret=<API_SECRET>
  &redirect_uri=<YOUR_REDIRECT_URI>
  &code=<AUTHORIZATION_CODE>
  &scope=<SCOPE>

Please use the client credentials grant type with private API keys

If your request is successful, move on to the next step.

If you encounter errors, please refer to the list of common errors to help you troubleshoot the request.

(Optional) – Prevent CSRF attacks with the state parameter

The  state parameter can be used to pass a random value in the authorization URL.

This value can be used by your application to check the response legitimacy and mitigate cross-site request forgery (CSRF) attacks.

  1. Generate the state parameter – Your application must generate a unique random string for each authorization request
  2. Add the state parameter – Add state and its associated value as a query parameter in the authorization URL
  3. Handle the authorization response – Once logged in, the user is redirected to the specified redirect URI which will include the state parameter passed by the application
  4. Verify the state parameter – Your application must check the state value received in the response against the one generated earlier. If the state parameter matches, the response is legitimate.
Missing / Mismatch state value:

 

If the state value doesn’t match / is missing in the response, the application should consider it as a possible attack / security breach and should proceed with an investigation.

3. Retrieve access token

If your request is successful, you will get a JSON response containing the access token in the following format:

{ 
"access_token": "<ACCESS_TOKEN>", 
"token_type": "Bearer",
"expires_in": 36000,
"refresh_token": "<REFRESH_TOKEN>",
"scope": "<SCOPE>"
}

The access token is returned in the access_token parameter and remains valid for the time defined in expires_in (time in seconds = 10 hours).

The refresh_token (only available with password and authorization_code grant types) enables you to request another access token without the need to ask for user credentials again.
Check our dedicated guide to know how to refresh a token.

4. Interact with protected resources

Now that you retrieved an access token, you are ready to use the API!

The access token should be passed for each API call in the request header as follows:

Public API key
Private API key
GET /user/<CHANNEL_ID>/videos HTTP/1.1    // Change "/user/<CHANNEL_ID>/videos" for any API call you want to perform
Host: api.dailymotion.com
Authorization: Bearer <ACCESS_TOKEN>
GET /user/<CHANNEL_ID>/videos HTTP/1.1    // Change "user/<CHANNEL_ID>/videos" for any API call you want to perform
Host: partner.api.dailymotion.com/rest
Authorization: Bearer <ACCESS_TOKEN>

The Dailymotion API will validate the access token to ensure it is authorized to access the requested resource.

Check the API Reference and guides to help you make the most out of the Dailymotion API! We’ve also gathered a few examples below to showcase common use cases.


Code samples

Public API key

Whether you’re confortable with JavaScript, PHP or Python, we’ve designed SDKs to facilitate the process of integrating our API into your projects.

Find our available SDKs here.

Private API key

Code samples using a private API key are currently only available in Python.

Generate an access token

#!/usr/bin/env python
import requests
 
#Authentication endpoint
auth_url = "https://partner.api.dailymotion.com/oauth/v1/token"  
 
 
def get_access_token(client_id, client_secret):
    '''
    Authenticate on the API in order to get an access token
    '''
 
    response = requests.post(auth_url,
                             data={
                                 'client_id': client_id,
                                 'client_secret': client_secret,
                                 'grant_type': 'client_credentials',
                                 'scope': 'upload_videos read_videos edit_videos delete_videos'
                             },
                             headers={
                                 'Content-Type': 'application/x-www-form-urlencoded'
                             })
 
    if response.status_code != 200 or not 'access_token' in response.json():
        raise Exception('Invalid authentication response')
 
    return response.json()['access_token']  
 
 
#Fill the client_id and client_secret generated in the step 1 and accessible directly from your Dailymotion Studio
access_token = get_access_token('<Your-client-id>',
                                '<Your-client-secret>')

Upload a video to a channel

To see the full list of fields available to manipulate a video, please refer to this documentation.

#!/usr/bin/env python
import requests
 
#Using the function from the step above to retrieve an access_token. (The function is not present in this document to keep it simple)
access_token = get_access_token('<Your-client-id>',
                         '<Your-client-secret>')
 
#Creating a generic header with your access token
authorization_header = { 'Authorization' : 'Bearer ' +  access_token }
 
 
 
 
#Endpoint to retrieve an upload URL
file_upload_url = 'https://partner.api.dailymotion.com/rest/file/upload'
 
#Getting an upload url to upload the video file
def get_upload_url():
    '''
    Getting an upload url be able to store your video file
    '''
    response = requests.get(url=file_upload_url,
                            headers= authorization_header )
 
    if response.status_code != 200 or not 'upload_url' in response.json():
        raise Exception('Invalid upload url response')
 
    return response.json()['upload_url']
 
 
 
 
#Sending the video file to the upload url obtained in the previous function
def upload_video_file(url):
    '''
    Uploading your video file to the platform
    '''
 
    files = {'file': open(
        'Path/To/Your/File', 'rb')}
 
    response = requests.post(url,
                             files=files,
                             headers= authorization_header)
 
    if response.status_code != 200 or not 'url' in response.json():
        raise Exception('Invalid upload video file response')
 
    return response.json()['url']
 
 
 
 
#Base endpoint to publish a video into your channel. The full url will looks like this: 'https://partner.api.dailymotion.com/rest/user/<your-channel-xid>/videos'
publish_video_url = 'https://partner.api.dailymotion.com/rest/user/'
 
#Now that your video file is uploaded, you can publish your video by setting it's mandatory fields
def publish_uploaded_video(uploaded_url, channel_id ):
    '''
    Now that your video has been uploaded, you can publish it to make it visible
    '''
 
    publish_url = publish_video_url + channel_id + '/videos'
 
    response = requests.post(publish_url, data={
        "published": "true",
        "url": uploaded_url,
        "title": "YourVideoTitle",
        "channel": "videogames",
        "is_created_for_kids": "false"
    },
        headers= authorization_header )
 
    if response.status_code != 200 or not 'id' in response.json():
        raise Exception('Invalid publish video response')
 
    return response.json()
 
 
 
#Executing the functions:
 
#Calling the get_upload_url function to retrieve the file upload url
upload_url = get_upload_url()
 
#Calling the upload_video_file function to upload the video file
uploaded_url = upload_video_file(upload_url)
 
#Calling the publish_uploaded_video function to set up the video mandatory fields and publish it into your channel
published_video = publish_uploaded_video(uploaded_url, <your-channel-xid>)

Edit a video

#!/usr/bin/env python
import requests
 
 
#Base video endpoint. The full url will looks like https://partner.api.dailymotion.com/rest/video/<your-video-id>
video_url = "https://partner.api.dailymotion.com/rest/video"
 
#Editing the title of an existing video. You can find the full list of fields you can manipulate here: https://developers.dailymotion.com/api/platform-api/reference/#video-fields
def edit_video_title(video_id, title):
    '''
    Now that your video has been uploaded, you can publish it to make it visible
    '''
    editing_video_url = video_url + '/' + video_id
 
    response = requests.post(editing_video_url, data={
        "title": title
    },
        headers= authorization_header
    )
 
    if response.status_code != 200 or not 'id' in response.json():
        raise Exception('Invalid edit video response')
 
    return response.json()
 
 
#Calling the edit_video_title to modify the title of one of my existing videos
edit_video_title(<your-video-xid>, <your-new-title>)

Delete a video

#!/usr/bin/env python
import requests
 
#Base video endpoint. The full url will looks like https://partner.api.dailymotion.com/rest/video/<your-video-id>
 
video_url = "https://partner.api.dailymotion.com/rest/video"
 
#Deleting an existing video.
def delete_video(video_id):
    '''
    You can delete your videos whenever you want
    '''
     
    #Building deleting video URL
    deleting_video_url = video_url + '/' + video_id
 
    response = requests.delete( deleting_video_url,
                                headers= authorization_header )
    if response.status_code != 200 or not response.json():
        raise Exception('Invalid delete video response')
 
    return response.json()
 
#Calling the edit_video_title to modify the title of one of my existing videos
delete_video(<your-video-xid>)