Get Authorized Content

The syncAccess system controls access to content through a content identifier called a Content Category.  For example, a subscriber might be granted access to read "Sports" content.  Here, "Sports" is the pre-defined content category under which sports-related content would be grouped.

You call the Allowed Content API to get a list of all the content categories a given user can access.  To control viewing access in your application, you'd be expected to categorize your content using a content category. Then, you'd fetch the list of the content categories your user is allowed to access and check your defined category against this list.

For example, your user is trying to access "Local news" content in your application.  You call the Allowed Content API and receive a list of allowed categories like this: "sports, entertainment, breaking-news."  Since the returned list does not contain "Local news," you would deny access to the user and direct him/her to information on how to subscribe, etc.

Many customers simplify their content categories. For example they might define one category, "PaidContent."  Users are allowed to access any content provided the returned list contains "PaidContent."  This reduces the complexities of content organization and authorization.

Allowed Content API

You must have a valid Application Authentication token and a unique user id to call the Allowed Content API.  You make a GET request to https://{Client-Specific-Domain}/appservices/api/v2/subscriber/{userId}/allowedcontent.

You must provide an Authorization header for this request.  This is a bearer token authorization header but it will use the Application Authentication Token you saved from application authentication.  

The {userId} parameter is part of the URL and should be the user id you received from the User Account Details call. There are no other parameters to this API (i.e., no body parameters).

For example, if the user id you received in a prior call to the User Account Details API is 9283372, then you'd construct a GET request as shown in the following cUrl snippet.

curl --location --request GET 'https://subscribe.acmenews.com/appservices/api/v2/subscriber/9283372/allowedcontent' \
--header 'Authorization: Bearer G0fH-wsJUc5nqbIYTV312T3IZTIkRIdbt5a2GUr3_...AOhzyG3hDuULIrN483'
Click to copy

The API will return a JSON response with a list of the content categories the user is allowed to access.

{
    "UserId": 326,
    "AllowedContent": [
		"sports",
		"entertainment",
		"local-news"
		]
}
Click to copy

The user id is repeated in the output and the AllowedContent property contains an array of the various categories the user is allowed to access.

Note: if a user is granted access to all content, the API will return an AllowedContent list with just one item, "*"  The single "*" item indicates the user is allowed to access any content.

Conversely, if the user is not allowed to access any content (i.e., they have an expired subscription, or they never subscribed in the first place), the API will return an empty List. like this:

{    "UserId": 326,  "AllowedContent": [] }