Concurrency Monitoring Tips & Tricks | Know What Metadata Your Policy Requires
What metadata do I need to pass when initializing a session?

There are 3 metadata attributes that you must pass in the session initialization calls that are required by design. The following 3 attributes are used to identify your application, the MVPD, and the unique user creating the session:



Field name





Example value 





Where to use it





Obtained from 















Authorization header





Zendesk ticket during integration 





Idp (MVPD name)










URI path





Adobe Primetime Authentication from config endpoint when user selects the MVPD 















URI path





Adobe Primetime Authentication upstreamUserID metadata after user login 








Additionally, your Concurrency Monitoring policy may require that you pass in other specific metadata in order to enforce concurrency. For example, you may wish to limit a user's ability to create sessions while outside of their home network, but allow them to create an unlimited number of sessions while at home. To solve for this, certain MVPDs, including Spectrum, support Home Based Authentication (HBA). MVPDs can send the metadata field "hba_status" to indicate whether or not someone is creating a session from within their home network.


  • hba_status=true (user is at home)
  • hba_status=false (user is not at home)


If your policy limits the number of sessions that can be created outside of a user's home network, passing hba_status=false on the session init call will trigger the enforcement of the policy. 


Down the road you may wish to add additional rules to your policy that rely on other metadata being passed. For this reason, it’s a best practice to have the application make a call to before initializing a session. The call to /metadata will return an array of metadata fields required by your policy. For example:







  • Making the session init call without passing all of the required metadata will result in a 400 response
  • The Adobe Pass native Access Enablers retrieve upstreamUserID and other metadata (including hba_status) via the getMetadata() function, or via the /usermetadata endpoint when using the Clientless API. 
  • In the case of hba_status in particular, the value can change from true to false or vice versa after a user has already Authenticated. For this reason, you'll want retrieve the most up-to-date value after the Authorization call.


For more information about retrieving user metadata, please see the following documentation: