Appearance
Authenticating with the API
Introduction
All requests to the Sibelius Cloud API require authentication. The API uses OAuth2 for authentication. The API supports the client_credentials grant type.
Check existing library support!
Before you start, check if your programming language has a library that supports OAuth2. If it does, you can use that library to authenticate with the API, which will save you a great deal of effort.
See the authentication guide guide for more information.
Prerequisites
A valid client_id and client_secret are required to authenticate with the Sibelius Cloud API. These values are provided to you by Avid.
If you don't have these yet, please see onboarding.
Steps
INFO
From this point onward, we'll use the following credentials:
client_id = "myclientid"
client_secret = "myclientsecret"Step 1: Encode your client ID and client secret
Before you can authenticate with the API, you must encode your client_id and client_secret as a Base64 string. You will use this string in the Authorization header of your request.
Here is an example of how to encode your client_id and client_secret as a base64-encoded string:
bash
echo -n "myclientid:myclientsecret" | base64
bXljbGllbnRpZDpteWNsaWVudHNlY3JldA==This will output a Base64-encoded string that you will use in the Authorization header of your request.
How you encode your credentials will depend on the programming language you are using. Most programming languages have a built-in function for encoding strings as Base64.
Step 2: Request an access token
Make a POST request to the /auth/v1/oauth2/token endpoint. The request must include the following parameters:
- The
Authorizationheader set to the base64-encodedclient_idandclient_secretfrom step 1 using theBasicauthentication scheme. - The
grant_typeparameter set toclient_credentials, set in the body of the request. - The
scopeparameter set toscore view. - The
audienceparameter set tohttps://api.sibelius.avid.com/score-viewer/v1 https://api.sibelius.avid.com/score-storage/v1.
Here's an example:
sh
curl --request POST \
--url https://api.sibelius.avid.com/auth/v1/oauth2/token \
--header 'Authorization: Basic bXljbGllbnRpZDpteWNsaWVudHNlY3JldA==' \
--data grant_type=client_credentials \
--data 'scope=score view' \
--data 'audience=https://api.sibelius.avid.com/score-viewer/v1 https://api.sibelius.avid.com/score-storage/v1'js
const qs = require("querystring");
const http = require("https");
const options = {
method: "POST",
hostname: "api.sibelius.avid.com",
port: null,
path: "/auth/v1/oauth2/token",
headers: {
Authorization: "Basic bXljbGllbnRpZDpteWNsaWVudHNlY3JldA==",
},
};
const req = http.request(options, function (res) {
const chunks = [];
res.on("data", function (chunk) {
chunks.push(chunk);
});
res.on("end", function () {
const body = Buffer.concat(chunks);
console.log(body.toString());
});
});
req.write(
qs.stringify({
grant_type: "client_credentials",
scope: "score view",
audience:
"https://api.sibelius.avid.com/score-viewer/v1 https://api.sibelius.avid.com/score-storage/v1",
}),
);
req.end();py
import http.client
conn = http.client.HTTPSConnection("api.sibelius.avid.com")
payload = "grant_type=client_credentials&scope=score+view&audience=https%3A%2F%2Fapi.sibelius.avid.com%2Fscore-viewer%2Fv1+https%3A%2F%2Fapi.sibelius.avid.com%2Fscore-storage%2Fv1"
headers = { 'Authorization': "Basic bXljbGllbnRpZDpteWNsaWVudHNlY3JldA==" }
conn.request("POST", "/auth/v1/oauth2/token", payload, headers)
res = conn.getresponse()
data = res.read()
print(data.decode("utf-8"))go
package main
import (
"fmt"
"strings"
"net/http"
"io"
)
func main() {
url := "https://api.sibelius.avid.com/auth/v1/oauth2/token"
payload := strings.NewReader("grant_type=client_credentials&scope=score+view&audience=https%3A%2F%2Fapi.sibelius.avid.com%2Fscore-viewer%2Fv1+https%3A%2F%2Fapi.sibelius.avid.com%2Fscore-storage%2Fv1")
req, _ := http.NewRequest("POST", url, payload)
req.Header.Add("Authorization", "Basic bXljbGllbnRpZDpteWNsaWVudHNlY3JldA==")
res, _ := http.DefaultClient.Do(req)
defer res.Body.Close()
body, _ := io.ReadAll(res.Body)
fmt.Println(res)
fmt.Println(string(body))
}cs
var client = new RestClient("https://api.sibelius.avid.com/auth/v1/oauth2/token");
var request = new RestRequest(Method.POST);
request.AddHeader("Authorization", "Basic bXljbGllbnRpZDpteWNsaWVudHNlY3JldA==");
request.AddParameter("undefined", "grant_type=client_credentials&scope=score+view&audience=https%3A%2F%2Fapi.sibelius.avid.com%2Fscore-viewer%2Fv1+https%3A%2F%2Fapi.sibelius.avid.com%2Fscore-storage%2Fv1", ParameterType.RequestBody);
IRestResponse response = client.Execute(request);swift
import Foundation
let headers = ["Authorization": "Basic bXljbGllbnRpZDpteWNsaWVudHNlY3JldA=="]
let postData = NSMutableData(data: "grant_type=client_credentials".data(using: String.Encoding.utf8)!)
postData.append("&scope=score view".data(using: String.Encoding.utf8)!)
postData.append("&audience=https://api.sibelius.avid.com/score-viewer/v1 https://api.sibelius.avid.com/score-storage/v1".data(using: String.Encoding.utf8)!)
let request = NSMutableURLRequest(url: NSURL(string: "https://api.sibelius.avid.com/auth/v1/oauth2/token")! as URL,
cachePolicy: .useProtocolCachePolicy,
timeoutInterval: 10.0)
request.httpMethod = "POST"
request.allHTTPHeaderFields = headers
request.httpBody = postData as Data
let session = URLSession.shared
let dataTask = session.dataTask(with: request as URLRequest, completionHandler: { (data, response, error) -> Void in
if (error != nil) {
print(error as Any)
} else {
let httpResponse = response as? HTTPURLResponse
print(httpResponse)
}
})
dataTask.resume()java
HttpResponse<String> response = Unirest.post("https://api.sibelius.avid.com/auth/v1/oauth2/token")
.header("Authorization", "Basic bXljbGllbnRpZDpteWNsaWVudHNlY3JldA==")
.body("grant_type=client_credentials&scope=score+view&audience=https%3A%2F%2Fapi.sibelius.avid.com%2Fscore-viewer%2Fv1+https%3A%2F%2Fapi.sibelius.avid.com%2Fscore-storage%2Fv1")
.asString();Assuming a well-formed and successful request, the API will respond with a JSON object containing the access token and other details:
json
{
"access_token": "…",
"expires_in": 3599,
"scope": "score view",
"token_type": "bearer"
}Step 3: Use the access token
Having earlier obtained an access token, you may now use it to make authenticated requests to the API. To do this, you must include the access token in the Authorization header of your request, using the Bearer authentication scheme.
Here is an example using the score_list API:
sh
curl --request GET \
--url https://api.sibelius.avid.com/score-storage/v1/scores \
--header 'Authorization: Bearer <ACCESS_TOKEN>'js
const http = require("https");
const options = {
method: "GET",
hostname: "api.sibelius.avid.com",
port: null,
path: "/score-storage/v1/scores",
headers: {
Authorization: "Bearer <ACCESS_TOKEN>",
},
};
const req = http.request(options, function (res) {
const chunks = [];
res.on("data", function (chunk) {
chunks.push(chunk);
});
res.on("end", function () {
const body = Buffer.concat(chunks);
console.log(body.toString());
});
});
req.end();py
import http.client
conn = http.client.HTTPSConnection("api.sibelius.avid.com")
headers = { 'Authorization': "Bearer <ACCESS_TOKEN>" }
conn.request("GET", "/score-storage/v1/scores", headers=headers)
res = conn.getresponse()
data = res.read()
print(data.decode("utf-8"))go
package main
import (
"fmt"
"net/http"
"io"
)
func main() {
url := "https://api.sibelius.avid.com/score-storage/v1/scores"
req, _ := http.NewRequest("GET", url, nil)
req.Header.Add("Authorization", "Bearer <ACCESS_TOKEN>")
res, _ := http.DefaultClient.Do(req)
defer res.Body.Close()
body, _ := io.ReadAll(res.Body)
fmt.Println(res)
fmt.Println(string(body))
}cs
var client = new RestClient("https://api.sibelius.avid.com/score-storage/v1/scores");
var request = new RestRequest(Method.GET);
request.AddHeader("Authorization", "Bearer <ACCESS_TOKEN>");
IRestResponse response = client.Execute(request);swift
import Foundation
let headers = ["Authorization": "Bearer <ACCESS_TOKEN>"]
let request = NSMutableURLRequest(url: NSURL(string: "https://api.sibelius.avid.com/score-storage/v1/scores")! as URL,
cachePolicy: .useProtocolCachePolicy,
timeoutInterval: 10.0)
request.httpMethod = "GET"
request.allHTTPHeaderFields = headers
let session = URLSession.shared
let dataTask = session.dataTask(with: request as URLRequest, completionHandler: { (data, response, error) -> Void in
if (error != nil) {
print(error as Any)
} else {
let httpResponse = response as? HTTPURLResponse
print(httpResponse)
}
})
dataTask.resume()java
HttpResponse<String> response = Unirest.get("https://api.sibelius.avid.com/score-storage/v1/scores")
.header("Authorization", "Bearer <ACCESS_TOKEN>")
.asString();If successful, you should see a 200 response back from the API. If there are no scores in your account, the response will be an empty array:
json
[]If you have scores in your account, the response will be an array of score objects.