Introduction

This article describes how to authorize a subscriber against specific digital content. The process outlined here allows an external application to control whether or not a user can access specific content, for example an Electronic Edition (E-Newspaper) or a specific online article. Applications (iOS/Android) can also use these methods to secure content.

There are four steps involved in authorizing a user:

  1. Application authentication
  2. User (subscriber) authentication
  3. Fetching user account details
  4. Fetching a list of content categories the user is allowed to access

Each step is described in detail below.

Note that there are two distinct authentication 'tokens' involved in these steps. There is an "Application Token" representing the authenticated client application through which the user is accessing content.  There is also a "User Token" representing the authenticated user themselves.

It is important to keep the two distinct: both are required, and they are used in different places.

Throughout these articles, you will see examples of tokens.  The examples are deliberately shortened for brevity.  The actual authentication tokens are typically several hundred characters long.

Most of the syncAccess API URLs are client-specific and will differ from the examples shown in these pages. Cutting and pasting the examples (i.e., the cURL examples) will not work. Make sure you substitute the correct domain values in your code.

ePublishing support can provide you with the necessary values.