
Permissions and access to Ott::Event (video/stream)

This document provides an overview of the logic that has been implemented in the API to limit the visibility of content by unauthorized users.

Basic information

Every user can download basic information about a video/stream:

GET /api/v3/ott/events/

GET /api/v3/ott/events/{event_id}

Warning

The geoblocking filter is applied to each request. If the user requests an event to which the geoblocking filter applies, a 404 Not Found error is returned.

If the user wants to play the video/stream, the client integrating with the API must download the stream data.

GET /api/v3/ott/events/{event_id}/stream

Warning

When stream data is requested, the API checks whether the user is authorized to download the stream (Wicket integration).

Geoblocking

If the geoblocking filter is enabled, the API filters content for countries that are configured for the client. The country the request comes from is recognized based on the IP address (integration with IPinfo). This setting is not global. It is possible to set geoblocking for a single event/stream.

Example: The client has the LIVE content blocking service enabled for the countries POLAND and GERMANY. The user is in POLAND. When the user requests Ott::Events, the data is filtered to what can be visible in that country: Ott::Events that do not have the LIVE status are returned. If the user requests an Ott::Event with the LIVE status, the API returns an Error Response with status 404.

User not logged in

Sees free content, subject to the rules enabled for the client. Sees paid content, subject to the rules enabled for the client. Playing it is not possible: when the stream for the event is requested, an Error Response with status 403 is returned.

User logged in

Sees free content, subject to the rules enabled for the client. Sees paid content, subject to the rules enabled for the client. The user can play paid content after purchasing access. If the user has not purchased access to the content, an Error Response with status 403 is returned.

User VIP

A VIP account is manually assigned in Wicket for internal viewing/debugging purposes or to give it to some privileged user.

A user with this status can see all content without applying client rules or checking permissions. This is checked at the entitlements level (Wicket service).

WorkFlow

sequenceDiagram
  participant User
  participant Umpire
  participant Wicket
  autonumber
  User->>Umpire: get event data
  Umpire->>Wicket: check entitlements
  Wicket-->>Umpire: access success||denied
  Note right of Umpire: Country Filter
  Umpire-->>User: data||403||404

Diagram description

The user makes a request to Umpire to fetch the Ott::Events list or a single item, e.g. GET /api/v3/ott/events/

Umpire checks the user's permission for this content by sending a request to the external service Wicket.

Wicket checks entitlements for the user, also checks for a VIP account, and returns a response.

Umpire applies the geoblocking filter if it is enabled for the client.

Umpire returns data or an error.
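
The workflow above reduced to a decision function, as an added example (not Umpire or Wicket code), showing which of 200, 403 and 404 each user type receives from the event and stream endpoints. All names, the non-LIVE status value, the VIP bypass of the country filter and the 404-before-403 ordering are assumptions.

```ruby
# Added illustration, not Umpire or Wicket code; every name is hypothetical.
Event = Struct.new(:id, :status, :paid, keyword_init: true)
User  = Struct.new(:vip, :purchased, keyword_init: true)

# Constructed client setting: LIVE content is blocked in Poland and Germany.
GEOBLOCK = { "LIVE" => %w[PL DE] }.freeze

# Stand-in for the Wicket entitlements check (diagram steps 2 and 3).
# user is nil when nobody is logged in.
def entitlement(user, event)
  return :vip if user&.vip
  return :granted unless event.paid   # assumption: free content needs no purchase
  user&.purchased&.include?(event.id) ? :granted : :denied
end

# Country filter; in the API the country comes from the IP lookup.
def geoblocked?(event, country)
  GEOBLOCK.fetch(event.status, []).include?(country)
end

# GET /api/v3/ott/events/{event_id}: basic information, no purchase needed.
def event_status(user, event, country)
  return 200 if entitlement(user, event) == :vip  # assumption: VIP skips the country filter
  geoblocked?(event, country) ? 404 : 200
end

# GET /api/v3/ott/events/: blocked events are dropped from the list.
def visible_events(user, events, country)
  events.select { |e| event_status(user, e, country) == 200 }
end

# GET /api/v3/ott/events/{event_id}/stream
def stream_status(user, event, country)
  result = entitlement(user, event)
  return 200 if result == :vip
  return 404 if geoblocked?(event, country)  # assumption: 404 is decided before 403
  result == :granted ? 200 : 403
end

# Constructed sample data; "ENDED" is a made-up non-LIVE status.
LIVE_PAID = Event.new(id: 1, status: "LIVE", paid: true)
VOD_PAID  = Event.new(id: 2, status: "ENDED", paid: true)
BUYER     = User.new(vip: false, purchased: [1, 2])
VIP       = User.new(vip: true, purchased: [])
```

Running the same matrix against a real deployment is a quick regression check that a blocked LIVE event answers 404 rather than 403 for a user who has purchased it.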