We are integrating with the API (API Gateway) for rule creation. To log in, we use the VideoOS.Platform.SDK.Environment.AddServer function together with the credential cache. Subsequently, to make a request to the API, we retrieve the cache using the login settings (LoggingSettingsCache.GetLoginSettings(hostname, port)).
This has raised a question about the implications of logging in first with the credential cache and then extracting the token cache afterward. Would it not be better to retrieve the MIPTokenCache from the beginning and use it both for login and for API requests?
Lastly, we have read that this token cache renews itself automatically. Is this correct?
Thank you very much.
It sounds like you’re using our .NET Framework “MIP SDK” to login, which means yes the login session is kept alive for you by periodically refreshing your token before it expires.
If you prefer to use our REST API through the API Gateway directly, you’re welcome to do that whether you use our .NET Framework SDK or not. Many prefer using other languages like Python or Java or JavaScript, and you would need to manage the refresh of your JWT yourself in those cases.
If you continue to use our SDK, then it sounds like you’re already logging in properly. However, if you didn’t want to depend on our SDK or be limited to .NET Framework, you would want to authenticate directly with our identity server to get a token, keep that token refreshed in the background if needed, and then make your API calls directly against the API Gateway REST API endpoints.
https://doc.developer.milestonesys.com/mipvmsapi/api/config-rest/v1/
Perfect, thank you for your help. Even so, I still have some doubts about how the login works:
1. I understand that by using the SDK, if I log in as a basic user, the SDK is utilizing the IDP, correct?
2. And if I log in with an Active Directory user, would the SDK also be utilizing the IDP?
3. So, I’m left wondering what the difference is between the login shown above and the login with the MIPToken. Because as I understand it, both use the IDP?
4. Lastly, if I work in a federated architecture and my client authenticates on a site that has several child-sites, can I use the token I receive when registering on the parent site for the child-sites? For example, if the client wants to create a rule on one of the child-sites through the API Gateway, would I need to register on the child-site and receive a new token to then be able to create rules on it?
