Event & Tally Interactions (IS-07)
←Controller to Registry (IS-04) and Node Interactions (IS-05, IS-08) · Index↑ · Validating Access Tokens→
IS-10 adds security to the traditional Event and Tally HTTP requests.
IS-07 Events API
The Events API exposed by an IS-07 NMOS Device in the controls array under urn:x-nmos:control:events/v1.0 can be accessed in an authorized way by including the Access Token (Authorization: Bearer) in the HTTP header.
GET /x-nmos/events/v1.0/sources/{sourceId} HTTP/1.1
Host: node.example.com
Authorization: Bearer eyJhbGciOiJSUzUxMiIsInR5cCIgOiAiSl...
The Access Token needs to contain a read claim matching the Source path which is to be returned in the response.
For example, access to the IS-07 Source ID ‘9f463872-9621-4939-aa3a-dc3c82d8578b’ would require token claims as follows.
"x-nmos-events": {
"read": ["sources/9f463872-9621-4939-aa3a-dc3c82d8578b"]
}
Access to all IS-07 Source IDs can be requested with a token claim as follows.
"x-nmos-events": {
"read": ["sources/*"]
}
IS-07 WebSocket Events
The WebSocket URI for an IS-07 NMOS Device exposed in the connection_uri parameter can be accessed in an authorized way by:
- including the Access Token (
Authorization: Bearer) in the HTTP header of the request that initiates the WebSocket handshake - passing the Access Token as a query parameter (
wss://hostname/x-nmos/events/v1.0/devices/58f6b536-ca4c-43fd-880a-9df2501fc125?access_token=eyJhbGciOiJSUzUxMiIsInR5cCIgOiAiSl...) - only for situations in which it is not feasible to pass the token in the HTTP Authorization Header.
Further details on WebSocket authorization can be found in BCP-003-02.
IS-07 MQTT Events
Within the current specification only the WebSocket workflow is secured, while the MQTT workflow is not yet secured.
←Controller to Registry (IS-04) and Node Interactions (IS-05, IS-08) · Index↑ · Validating Access Tokens→