Platform API Authentication
Overview
Without being authenticated, you can only access public resources via the API, like public video titles, descriptions, etc.
In order to interact with a Dailymotion channel via the API, access its protected resources and perform account restricted actions (editing a video, creating a Player, etc), you need to be granted permission by the Dailymotion channel. This can be done via API keys generated from the Dailymotion Studio of the channel you intend to interact with.
The Dailymotion Platform API uses the OAuth 2.0 protocol to manage authentication and authorization flows between the API and third-party applications. Authorizations are granted via an access token delivered by our authorization server.
In this guide, we’ll walk you through the steps of the authentication process:
- Create an API key that will be used to grant permissions to users who need to interact with your Dailymotion account
- Authenticate with one of the available grant types
- Retrieve the access token
- Interact with the protected resources of the Dailymotion account using the above access token
Endpoints
The Platform API is compatible with both public and private API keys.
Check our FAQ article to know which type of API key you should use depending on your needs.
Depending on your API key, the endpoint to access the Platform API will be different:
https://api.dailymotion.com/
https://partner.api.dailymotion.com/
In the following guide, we’ll go through the authentication process describing the steps for each type of API key with examples.
1. Create an API key
As a first step, you need to create an API key from your Dailymotion Studio. Depending on your needs, follow the guide to create a public API key or a private API key.
Once created, you’ll retrieve an API key and an API secret: make sure to store them safely. Move on to step 2 once done.
2. Perform authentication
To access the protected resources of a Dailymotion account via the API, this account can grant permission via an access token issued by our authorization server.
Depending on your scenario and technology, different authorization methods – called “grant types” – can be used to retrieve an access token.
The following grant types are available with the Platform API – note that they aren’t all compatible with private API keys:
| Grant types | Value | Public API key | Private API key |
|---|---|---|---|
| Client credentials Used for server-to-server communication or when the client acts on its own behalf: the client sends its API key and API secret directly to the token endpoint | client_credentials | ✘ | ✔ |
| Password Easy to implement, it should however only be used when there is a high degree of trust between the client application and the resource owner since the user’s credentials (username and password) are used to retrieve the access token | password | ✔ | ✘ |
| Authorization code Used by web applications that can securely store the client secret. It is a 2-step process where an authorization code is granted first, then exchanged for an access token | authorization_code | ✔ | ✘ |
Follow below the authentication steps dedicated to the grant type of your choice to retrieve an access token.
Client credentials grant type
To authenticate against the Platform API using the client_credentials grant type, you only need to pass in the API key and API secret generated in step 1 to retrieve an access token.
Make a POST request to https://partner.api.dailymotion.com/oauth/v1/token endpoint and include the following parameters:
grant_type: set toclient_credentialsto specify the grant type flowclient_id: the API key from step 1client_secret: the API secret from step 1scope: needs to be defined for specific permissions or access rights (read more about scopes)
Request example:
POST /oauth/v1/token HTTP/1.1
Host: partner.api.dailymotion.com
Content-Type: application/x-www-form-urlencoded
grant_type=client_credentials
&client_id=<API_KEY>
&client_secret=<API_SECRET>
&scope=<SCOPE>
Please use password or authorization code grant types with public API key
If your request is successful, move on to the next step.
If you encounter errors, please refer to the list of common errors to help you troubleshoot the request.
Password grant type
To authenticate against the Platform API using the password grant type flow, pass in the Dailymotion login credentials (username and password) along with the API key and secret generated in step 1.
Make a POST request to https://api.dailymotion.com/oauth/token endpoint and include the following parameters:
grant_type: set topasswordto specify the grant type flowclient_id: the API key from step 1client_secret: the API secret from step 1username: the username of the Dailymotion channel you want to accesspassword: the password of the Dailymotion channel you want to accessscope: needs to be defined for specific permissions or access rights (read more about scopes)
Request example:
POST /oauth/token HTTP/1.1
Host: api.dailymotion.com
Content-Type: application/x-www-form-urlencoded
grant_type=password
&client_id=<API_KEY>
&client_secret=<API_SECRET>
&username=<USER_USERNAME>
&password=<USER_PASSWORD>
&scope=<SCOPE>
Please use the client credentials grant type with private API keys
If your request is successful, move on to the next step.
If you encounter errors, please refer to the list of common errors to help you troubleshoot the request.
Authorization code grant type
Overview
The Authorization code grant type consists in obtaining an access token on behalf of a Dailymotion account after being granted permission via a code.
This method involves the following steps:
- Build your authorization page: Share your authorization URL, where your Dailymotion account can grant permission to a user to access specific resources
- Collect authorization code: Once the user is authentified, the authorization server will generate an authorization code
- Request an access token: Provide the authorization code to the authorization server to generate an access token representing the permission for this user to access the Dailymotion account protected resources
Implementation steps
Step 1 – Build your authorization URL
You need to build your authorization URL that includes the required parameters to be able to collect an authorization code.
The authorization URL https://api.dailymotion.com/oauth/authorize requires the following parameters:
response_type: Set to “code” to indicate that you want to receive an authorization codeclient_id: The API key from previous stepredirect_uri: The redirection URI where the authorization server will send the user after successful authentication and consent. This URI needs to match the Callback URL of your API key. If these values are different, the authorization server will reject your request.
https://api.dailymotion.com/oauth/authorize?response_type=code&client_id=YOUR_API_KEY&redirect_uri=YOUR_REDIRECT_URI
Step 2 – Collect authorization code
If the user is successfully logged in, the authorization server will generate an authorization code and redirect the user to the following URL: https://your-redirect-uri?code=AUTHORIZATION_CODE
In your application’s backend or server-side code, extract the authorization code from the code parameter, and store it securely as it will be used to request an access token in the next step.
Step 3 – Request an access token using the authorization code
The authorization code can now be sent to the Dailymotion token endpoint to generate an Oauth access token.
Make a POST request to the token server https://api.dailymotion.com/oauth/token with the following parameters:
grant_type: set toauthorization_codeto specify the grant type flowclient_id: the API key from previous stepclient_secret: the API secret from previous stepredirect_uri: same URI than in previous stepcode: authorization code retrieved in previous stepscope: needs to be defined for specific permissions or access rights (read more about scopes)
Request example:
POST /oauth/token HTTP/1.1
Host: api.dailymotion.com
Content-Type: application/x-www-form-urlencoded
grant_type=authorization_code
&client_id=<API_KEY>
&client_secret=<API_SECRET>
&redirect_uri=<YOUR_REDIRECT_URI>
&code=<AUTHORIZATION_CODE>
&scope=<SCOPE>
Please use the client credentials grant type with private API keys
If your request is successful, move on to the next step.
If you encounter errors, please refer to the list of common errors to help you troubleshoot the request.
(Optional) – Prevent CSRF attacks with the state parameter
The state parameter can be used to pass a random value in the authorization URL.
This value can be used by your application to check the response legitimacy and mitigate cross-site request forgery (CSRF) attacks.
- Generate the
stateparameter – Your application must generate a unique random string for each authorization request - Add the state parameter – Add
stateand its associated value as a query parameter in the authorization URL - Handle the authorization response – Once logged in, the user is redirected to the specified redirect URI which will include the
stateparameter passed by the application - Verify the state parameter – Your application must check the state value received in the response against the one generated earlier. If the state parameter matches, the response is legitimate.
3. Retrieve access token
If your request is successful, you will get a JSON response containing the access token in the following format:
{
"access_token": "<ACCESS_TOKEN>",
"token_type": "Bearer",
"expires_in": 36000,
"refresh_token": "<REFRESH_TOKEN>",
"scope": "<SCOPE>"
}
The access token is returned in the access_token parameter and remains valid for the time defined in expires_in (time in seconds = 10 hours).
The refresh_token (only available with password and authorization_code grant types) enables you to request another access token without the need to ask for user credentials again.
Check our dedicated guide to know how to refresh a token.
4. Interact with protected resources
Now that you retrieved an access token, you are ready to use the API!
The access token should be passed for each API call in the request header as follows:
GET /user/<CHANNEL_ID>/videos HTTP/1.1 // Change "/user/<CHANNEL_ID>/videos" for any API call you want to perform
Host: api.dailymotion.com
Authorization: Bearer <ACCESS_TOKEN>
GET /user/<CHANNEL_ID>/videos HTTP/1.1 // Change "user/<CHANNEL_ID>/videos" for any API call you want to perform
Host: partner.api.dailymotion.com/rest
Authorization: Bearer <ACCESS_TOKEN>
The Dailymotion API will validate the access token to ensure it is authorized to access the requested resource.
Check the API Reference and guides to help you make the most out of the Dailymotion API! We’ve also gathered a few examples below to showcase common use cases.
Code samples
Public API key
Whether you’re confortable with JavaScript, PHP or Python, we’ve designed SDKs to facilitate the process of integrating our API into your projects.
Find our available SDKs here.
Private API key
Code samples using a private API key are currently only available in Python.
Generate an access token
#!/usr/bin/env python
import requests
#Authentication endpoint
auth_url = "https://partner.api.dailymotion.com/oauth/v1/token"
def get_access_token(client_id, client_secret):
'''
Authenticate on the API in order to get an access token
'''
response = requests.post(auth_url,
data={
'client_id': client_id,
'client_secret': client_secret,
'grant_type': 'client_credentials',
'scope': 'upload_videos read_videos edit_videos delete_videos'
},
headers={
'Content-Type': 'application/x-www-form-urlencoded'
})
if response.status_code != 200 or not 'access_token' in response.json():
raise Exception('Invalid authentication response')
return response.json()['access_token']
#Fill the client_id and client_secret generated in the step 1 and accessible directly from your Dailymotion Studio
access_token = get_access_token('<Your-client-id>',
'<Your-client-secret>')
Upload a video to a channel
To see the full list of fields available to manipulate a video, please refer to this documentation.
#!/usr/bin/env python
import requests
#Using the function from the step above to retrieve an access_token. (The function is not present in this document to keep it simple)
access_token = get_access_token('<Your-client-id>',
'<Your-client-secret>')
#Creating a generic header with your access token
authorization_header = { 'Authorization' : 'Bearer ' + access_token }
#Endpoint to retrieve an upload URL
file_upload_url = 'https://partner.api.dailymotion.com/rest/file/upload'
#Getting an upload url to upload the video file
def get_upload_url():
'''
Getting an upload url be able to store your video file
'''
response = requests.get(url=file_upload_url,
headers= authorization_header )
if response.status_code != 200 or not 'upload_url' in response.json():
raise Exception('Invalid upload url response')
return response.json()['upload_url']
#Sending the video file to the upload url obtained in the previous function
def upload_video_file(url):
'''
Uploading your video file to the platform
'''
files = {'file': open(
'Path/To/Your/File', 'rb')}
response = requests.post(url,
files=files,
headers= authorization_header)
if response.status_code != 200 or not 'url' in response.json():
raise Exception('Invalid upload video file response')
return response.json()['url']
#Base endpoint to publish a video into your channel. The full url will looks like this: 'https://partner.api.dailymotion.com/rest/user/<your-channel-xid>/videos'
publish_video_url = 'https://partner.api.dailymotion.com/rest/user/'
#Now that your video file is uploaded, you can publish your video by setting it's mandatory fields
def publish_uploaded_video(uploaded_url, channel_id ):
'''
Now that your video has been uploaded, you can publish it to make it visible
'''
publish_url = publish_video_url + channel_id + '/videos'
response = requests.post(publish_url, data={
"published": "true",
"url": uploaded_url,
"title": "YourVideoTitle",
"channel": "videogames",
"is_created_for_kids": "false"
},
headers= authorization_header )
if response.status_code != 200 or not 'id' in response.json():
raise Exception('Invalid publish video response')
return response.json()
#Executing the functions:
#Calling the get_upload_url function to retrieve the file upload url
upload_url = get_upload_url()
#Calling the upload_video_file function to upload the video file
uploaded_url = upload_video_file(upload_url)
#Calling the publish_uploaded_video function to set up the video mandatory fields and publish it into your channel
published_video = publish_uploaded_video(uploaded_url, <your-channel-xid>)
Edit a video
#!/usr/bin/env python
import requests
#Base video endpoint. The full url will looks like https://partner.api.dailymotion.com/rest/video/<your-video-id>
video_url = "https://partner.api.dailymotion.com/rest/video"
#Editing the title of an existing video. You can find the full list of fields you can manipulate here: https://developers.dailymotion.com/api/platform-api/reference/#video-fields
def edit_video_title(video_id, title):
'''
Now that your video has been uploaded, you can publish it to make it visible
'''
editing_video_url = video_url + '/' + video_id
response = requests.post(editing_video_url, data={
"title": title
},
headers= authorization_header
)
if response.status_code != 200 or not 'id' in response.json():
raise Exception('Invalid edit video response')
return response.json()
#Calling the edit_video_title to modify the title of one of my existing videos
edit_video_title(<your-video-xid>, <your-new-title>)
Delete a video
#!/usr/bin/env python
import requests
#Base video endpoint. The full url will looks like https://partner.api.dailymotion.com/rest/video/<your-video-id>
video_url = "https://partner.api.dailymotion.com/rest/video"
#Deleting an existing video.
def delete_video(video_id):
'''
You can delete your videos whenever you want
'''
#Building deleting video URL
deleting_video_url = video_url + '/' + video_id
response = requests.delete( deleting_video_url,
headers= authorization_header )
if response.status_code != 200 or not response.json():
raise Exception('Invalid delete video response')
return response.json()
#Calling the edit_video_title to modify the title of one of my existing videos
delete_video(<your-video-xid>)