The Customer Authenticator
This tutorial explains how to obtain the authentication parameter required in all calls to the ExpressPlay REST API.
The Customer Authenticator (API Key)
The ExpressPlay Service provides a rich REST API for generating content licenses for a variety of DRM systems. Access to the API requires an API key, which for legacy reasons is also known as the Customer Authenticator, is a unique and confidential value that must be specified in the customerAuthenticator parameter of each API call.
After creating an account your will need to create an authenticator at https://portal.expressplay.com/apikeys. Please take note of the authenticator as you will no longer be able to access the value through the portal once it was created.
Multiple API Keys/Customer Authenticators can be generated through the admin portal, all of which can be used concurrently.
To generate an API Key/Customer Authenticators, log in to the ExpressPlay portal and click on the “API Keys” option from the left menu
Note that the API Key/Customer Authenticator value cannot be later recovered from the portal, so please copy the generated value. If the API Key/Customer Authenticators is lost simply create a new one.
Deleting API Keys / Customer Authenticators
In the case an API key/Customer Authenticator has been leaked it can be deleted through the admin portal.
Before expiring the API key/Customer Authenticators please alert any downstream Partners (e.g. Fastly, Swank) who the key may have been shared with.
A possible strategy to address a breach would be to create a new API key/Customer Authenticators immediately and expire the old key when the rollout has been completed.