API Integration

Quickstart

Go from credentials to a playing video in four calls. Pick your language and environment — every snippet below updates to match.

LanguageJavaScriptcURLPythonEnvironmentTestProductionBase https://test.osteocom.me/sv6

Keep secrets server-side

These snippets are for local testing. Never expose clientSecret or tokens in client-side code in production.

Prerequisites

• Credentials — clientId and clientSecret from Osteocom.
• An environment — Test or Production (toggle above).
• A runtime — Node, a terminal with cURL, or Python.

The flow

1

Authenticate

Exchange your credentials for a bearer token used in every later call.

JavaScript

const res = await fetch("https://test.osteocom.me/sv6/contentLicensing_login", {
  method: "POST",
  headers: { "Content-Type": "application/json" },
  body: JSON.stringify({
    clientId: "psiGBHLDxxxxxxdIyDw",
    clientSecret: "QAtSxxxx…rz2JU",
  }),
});

const data = await res.json();

cURL

curl -X POST https://test.osteocom.me/sv6/contentLicensing_login \
  -H "Content-Type: application/json" \
  -d '{"clientId":"psiGBHLDxxxxxxdIyDw","clientSecret":"QAtSxxxx…rz2JU"}'

Python

import requests

res = requests.post(
    "https://test.osteocom.me/sv6/contentLicensing_login",
    json={"clientId": "psiGBHLDxxxxxxdIyDw", "clientSecret": "QAtSxxxx…rz2JU"},
)
data = res.json()

{ "token": "eyJhbGciOiJIUzI1Ni...JWT" }

2

Read the catalog

Fetch the channels and videolessons pre-agreed for your account.

JavaScript

const res = await fetch("https://test.osteocom.me/sv6/contentLicensing_catalog", {
  method: "POST",
  headers: {
    "Content-Type": "application/json",
    Authorization: `Bearer ${token}`,
  },
  body: JSON.stringify({ clientId: "psiGBHLDxxxxxxdIyDw" }),
});

const data = await res.json();

cURL

curl -X POST https://test.osteocom.me/sv6/contentLicensing_catalog \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer $TOKEN" \
  -d '{"clientId":"psiGBHLDxxxxxxdIyDw"}'

Python

res = requests.post(
    "https://test.osteocom.me/sv6/contentLicensing_catalog",
    headers={"Authorization": f"Bearer {token}"},
    json={"clientId": "psiGBHLDxxxxxxdIyDw"},
)
data = res.json()

{
  "catalog": [
    {
      "idChannel": "66d579675f2xxxxxxf15e4d3",
      "title": "Advanced Orthopedic Surgery",
      "price": 100,
      "video": [ /* ... */ ]
    }
  ]
}

3

Authorize a customer

After the customer pays on your platform, record their entitlement. Use the channel's idChannel as productId.

JavaScript

const res = await fetch("https://test.osteocom.me/sv6/contentLicensing_contentAccessAuthorization", {
  method: "POST",
  headers: {
    "Content-Type": "application/json",
    Authorization: `Bearer ${token}`,
  },
  body: JSON.stringify({
    clientId: "psiGBHLDxxxxxxdIyDw",
    userId: "user_12345",
    products: [{ productId: "66d579675f2xxxxxxf15e4d3", price: 100 }],
  }),
});

const data = await res.json();

cURL

curl -X POST https://test.osteocom.me/sv6/contentLicensing_contentAccessAuthorization \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer $TOKEN" \
  -d '{"clientId":"psiGBHLDxxxxxxdIyDw","userId":"user_12345","products":[{"productId":"66d579675f2xxxxxxf15e4d3","price":100}]}'

Python

res = requests.post(
    "https://test.osteocom.me/sv6/contentLicensing_contentAccessAuthorization",
    headers={"Authorization": f"Bearer {token}"},
    json={
        "clientId": "psiGBHLDxxxxxxdIyDw",
        "userId": "user_12345",
        "products": [{"productId": "66d579675f2xxxxxxf15e4d3", "price": 100}],
    },
)
data = res.json()

{ "token": "eyJhbGciOiJIUzI1Ni...JWT" }

4

Get a video token

Exchange the user's access key for a short-lived tokenAuthVideo, then embed it in the player. See Video access.

JavaScript

const res = await fetch("https://test.osteocom.me/sv6/contentLicensing_videoAccess", {
  method: "POST",
  headers: {
    "Content-Type": "application/json",
    Authorization: `Bearer ${token}`,
  },
  body: JSON.stringify({
    clientId: "psiGBHLDxxxxxxdIyDw",
    userId: "user_12345",
    videoId: "591441cexxxxxcc4f8d653",
    userAccessKey: userAccessToken,
  }),
});

const data = await res.json();

cURL

curl -X POST https://test.osteocom.me/sv6/contentLicensing_videoAccess \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer $TOKEN" \
  -d '{"clientId":"psiGBHLDxxxxxxdIyDw","userId":"user_12345","videoId":"591441cexxxxxcc4f8d653","userAccessKey":"<userAccessKey>"}'

Python

res = requests.post(
    "https://test.osteocom.me/sv6/contentLicensing_videoAccess",
    headers={"Authorization": f"Bearer {token}"},
    json={
        "clientId": "psiGBHLDxxxxxxdIyDw",
        "userId": "user_12345",
        "videoId": "591441cexxxxxcc4f8d653",
        "userAccessKey": user_access_key,
    },
)
data = res.json()

{ "tokenAuthVideo": "eyJhbGciOiJIUzI1Ni...JWT", "expiresIn": 900 }

Troubleshooting

401 Unauthorized on authentication

• Verify your clientId and clientSecret are correct.
• Make sure you're hitting the right environment URL (toggle above).
• Check the credentials are sent as JSON in the request body.

Content authorization fails

• Confirm the productId matches an idChannel from your catalog.
• Keep the userId format stable and consistent per customer.
• Check the product is included in your agreed catalog.

Video token issues

• Ensure the userAccessKey comes from a successful authorization call.
• Verify the videoId belongs to an authorized channel.
• Video tokens last 15 minutes — generate one just before playback.

Going to production

• Switch the base URL to https://www.osteocom.me/sv6 (Environment → Production above).
• Store credentials securely — never in client-side code.
• Handle token expiration gracefully and test real user scenarios first.

Next steps

→API ReferenceEvery field, type and status code, with expandable response objects.→Video accessEmbed the secure player and handle token expiry.