Authentication overview

Authentication server

The Watch Together Authentication server has two parts, the first one is hosted in the Media Server Cluster (MSC), the customer enclave, and the second is hosted by you in your data center/cloud.

This architecture will allow you to apply and integrate your own logic for supplying valid token to the clients and apply your own security standards.

Authentication flow

In order to make requests to the MSC Authentication service, you require API _KEY and API_SECRET, both of which you get by logging in to your private area - Private area.

Please note:

  • Tokens are only valid for a specific session and the JWT token describes the connection details

  • Tokens are generated only once and therefore need to be persisted on the CustomerAuthServer

  • For two clients to be able to connect to the same session the clients must have exactly the same JWT token

Customer authentication server

As we require that Clients will not directly request tokens from our Authentication service (CAS) we would like to suggest an authentication flow for your backend.

In this flow, we suggest a way to create a backend service that will be hosted on your side and will allow different clients to connect by sharing a TokenID.

Authentication API reference

Follow this link to see the Authentication API reference.


Need technical support? contact us at

Last updated