There are 3 metadata attributes that you must pass in the session initialization calls that are required by design. The following 3 attributes are used to identify your application, the MVPD, and the unique user creating the session:
Field name
|
Example value
|
Where to use it
|
Obtained from
|
applicationID
|
75b4-431b-adb2-eb6b9e546013
|
Authorization header
|
Zendesk ticket during integration
|
Idp (MVPD name)
|
Spectrum
|
URI path
|
Adobe Primetime Authentication from config endpoint when user selects the MVPD
|
subject
|
12345
|
URI path
|
Adobe Primetime Authentication upstreamUserID metadata after user login
|
Additionally, your Concurrency Monitoring policy may require that you pass in other specific metadata in order to enforce concurrency. For example, you may wish to limit a user's ability to create sessions while outside of their home network, but allow them to create an unlimited number of sessions while at home. To solve for this, certain MVPDs, including Spectrum, support Home Based Authentication (HBA). MVPDs can send the metadata field "hba_status" to indicate whether or not someone is creating a session from within their home network.
- hba_status=true (user is at home)
- hba_status=false (user is not at home)
If your policy limits the number of sessions that can be created outside of a user's home network, passing hba_status=false on the session init call will trigger the enforcement of the policy.
Down the road you may wish to add additional rules to your policy that rely on other metadata being passed. For this reason, it’s a best practice to have the application make a call to http://streams.adobeprimetime.com/v2/metadata before initializing a session. The call to /metadata will return an array of metadata fields required by your policy. For example:
[
"hba_status"
]
Note:
- Making the session init call without passing all of the required metadata will result in a 400 response
- The Adobe Pass native Access Enablers retrieve upstreamUserID and other metadata (including hba_status) via the getMetadata() function, or via the /usermetadata endpoint when using the Clientless API.
- In the case of hba_status in particular, the value can change from true to false or vice versa after a user has already Authenticated. For this reason, you'll want retrieve the most up-to-date value after the Authorization call.
For more information about retrieving user metadata, please see the following documentation: