Authentication

The Platform Management API v2 uses Bearer authentication.


Whether you are constructing an API call to the Platform Management API v2 or testing a route within our API reference documentation, you need to include your API secret within the header of the call.

You can retrieve your secret from your JW Player dashboard:

  1. From your API Credentials page, scroll down to the V2 API Credentials section.
  2. Click Show Credentials in the row of the relevant API key name.

    NOTE: If no API key names exist, type a new API key name, select a permission level, and click Add New API Key. Your account must have the Admin permission to create a new API key.

  3. Copy the Secret.

🚧

If someone has your API secret, that person has many account privileges.

Keep your secret secure!

Do not share your API secret in public environments like online forums, StackOverflow, or client-side code. However, if your secret is compromised, you can easily generate a new secret from your JW Player dashboard.



Authenticating an API Request

When you make an API call, add your secret to an Authorization header of your API request to authenticate the request.

curl -X POST https://api.jwplayer.com/v2/{resource} \
    -H 'Authorization: Bearer 123Four56==7123Four56==7' \
    ...

Authenticating an API Request from within the API Docs

  1. Next to the name of an API route, click Try It. The Header Auth pop-up window appears.
  2. In the V2 API Secret text box, enter "Bearer " followed by your secret.
  3. Click Try It again to authenticate the API call. Your authentication will persist until you end your browser session or refresh the browser page.

👍

IMPORTANT

API calls made via the API reference docs will affect the content of your account and count toward the usage limits of your account.



Rate Limit

The Platform Management API v2 rate limit is 60 requests/minute per API token. Calls that exceed this rate will not be executed and will return a 429 status error.

In the headers of an API response, jw-request-limit returns the rate limit and jw-request-remaining returns the remaining calls allowed.

jw-request-limit: 60
jw-request-remaining: 37

If your implementation exceeds this rate limit, contact our Support team. Our Support team can evaluate your implementation and provide options to address your requirements.