-
Notifications
You must be signed in to change notification settings - Fork 812
User Authentication
Note | The Emby API supports two different authentication schemes.
This page describes User Authentication. Please also see |
---|
Add the following request header on every request:
Authorization=Emby UserId="e8837bc1-ad67-520e-8cd2-f629e3155721",
Client="Android", Device="Samsung Galaxy SIII", DeviceId="xxx", Version="1.0.0.0" |
Parameter | Value |
---|---|
UserId | The Id of the current logged in user (if there is one) |
Client | The type of client (Android, Dashboard, Dlna, iOS, PC, WindowsPhone, WindowsRT, other) |
Device | The product name of the device |
DeviceId | The device's unique id |
Version | The client application version |
The dashboard currently displays customized icons for the following clients:
Android, Chromecast, Dashboard, Dlna, iOS, Emby Theater, Emby Classic, Roku, Windows Phone, Windows RT, Kodi (Formerly known as Xbmc)
Make a call to /Users/Public to get all public users.
Public users are users that the server admin has allowed to be displayed visually on the login screen. This can be managed by the server administrator by editing user permissions for each user.
If there are records returned, the app has the option of displaying the users in a visual login screen. This is up to the application developer to decide. If there are no records returned then present a username/password text entry form.
For each user, if PrimaryImageTag has a value, that indicates the user has an image. The image can then be downloaded using /Users/{Id}/Images/{Type}. See images.
Each user has a HasPassword property. This is used to determine if the user should be prompted to input a password. The application must authenticate regardless of this value.
Authenticate using /Users/AuthenticateByName. A 200 status code indicates success, while anything in the 400 or 500 range indicates failure.
The password must be sent in the body:
- pw - password in plain text
-
The return result object will have an AccessToken property. This should be included in all subsequent Http requests using the header X-Emby-Token.
-
If the user explicitly logs out, send a POST to /Sessions/Logout. This will revoke your access token. If the user closes the app without logging out, you can skip this and save the token for future use.
-
During normal application usage, if any http requests fail with a 401 response status code, this is generally an indication that the access token has been revoked. The user should be redirected back to the login screen.
-
For applications that support connectivity to multiple servers, the token should be saved along with the server's Id in order to avoid sending the wrong token to a particular server. The server Id is part of the SystemInfo object which can be retrieved from /System/Info.
See Parental-Control
Emby Home | Latest News | Emby Downloads | Emby Community Forums | © 2019 Emby LLC
- Locating the Server
- Emby Connect
- Browsing the Library
- Latest Items
- Item Information
- Item Types
- Images
- Items by Name
- Web Socket
- Remote Control
- Live TV
- Playlists
- Parental Control
- Filtering
- Sync
- Playback Guidelines
- Audio Streaming
- Video Streaming
- HTTP Live Streaming (HLS)
- Subtitles
- Playback Check-ins