API Integration

API Reference

All endpoints are POST requests relative to your environment base URL. Send and receive application/json.

LanguageJavaScriptcURLPythonEnvironmentTestProductionBase https://test.osteocom.me/sv6

Base URL

Examples target the Test base URL. Switch with the Environment selector above — production is https://www.osteocom.me/sv6.

Authorization POST

POST/contentLicensing_login

Exchange your client credentials for a bearer token. The returned token authorizes every subsequent call via the Authorization header.

Body parameters

clientId*

string

Required

Your unique client ID, provided by Osteocom.

clientSecret*

string

Required

Your secret key, provided by Osteocom.

Returns

token

string

Optional

A JWT bearer token for subsequent requests.

JavaScript

const res = await fetch("https://test.osteocom.me/sv6/contentLicensing_login", {
  method: "POST",
  headers: { "Content-Type": "application/json" },
  body: JSON.stringify({
    clientId: "psiGBHLDxxxxxxdIyDw",
    clientSecret: "QAtSxxxx…rz2JU",
  }),
});

const data = await res.json();

cURL

curl -X POST https://test.osteocom.me/sv6/contentLicensing_login \
  -H "Content-Type: application/json" \
  -d '{"clientId":"psiGBHLDxxxxxxdIyDw","clientSecret":"QAtSxxxx…rz2JU"}'

Python

import requests

res = requests.post(
    "https://test.osteocom.me/sv6/contentLicensing_login",
    json={"clientId": "psiGBHLDxxxxxxdIyDw", "clientSecret": "QAtSxxxx…rz2JU"},
)
data = res.json()

{ "token": "eyJhbGciOiJIUzI1Ni...JWT" }

Status codes

Status	Meaning
200	OK — a valid JWT token.
401	Not Authorized — unknown client.

---

Catalog access POST

POST/contentLicensing_catalog

Retrieve the catalog of channels and videolessons pre-agreed for your account. Each channel's content reflects its configured language.

Headers

Authorization*

string

Required

Bearer token, e.g. Bearer <token>.

Body parameters

clientId*

string

Required

Your unique client ID.

Returns

catalog

array of objects

Optional

Each object is a channel available to your account.

Show child attributes

idChannelstring

Channel identifier. Use as productId in authorization and video calls.

titlestring

Channel title, in the channel's configured language.

subtitlestring

Channel subtitle.

htmlDescriptionstring

Rich HTML description of the channel.

priceinteger

Price of the channel.

coverstring

Cover image URL.

backgroundstring

Background image URL.

trailerstring

Trailer video URL.

authorsarray of objects

The channel's authors — each with name and image.

videoarray of objects

The videolessons in the channel — each with videoId, title, duration (seconds) and videoQuality.

JavaScript

const res = await fetch("https://test.osteocom.me/sv6/contentLicensing_catalog", {
  method: "POST",
  headers: {
    "Content-Type": "application/json",
    Authorization: `Bearer ${token}`,
  },
  body: JSON.stringify({ clientId: "psiGBHLDxxxxxxdIyDw" }),
});

const data = await res.json();

cURL

curl -X POST https://test.osteocom.me/sv6/contentLicensing_catalog \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer $TOKEN" \
  -d '{"clientId":"psiGBHLDxxxxxxdIyDw"}'

Python

res = requests.post(
    "https://test.osteocom.me/sv6/contentLicensing_catalog",
    headers={"Authorization": f"Bearer {token}"},
    json={"clientId": "psiGBHLDxxxxxxdIyDw"},
)
data = res.json()

{
  "catalog": [
    {
      "idChannel": "66d579675f2xxxxxxf15e4d3",
      "title": "Advanced Orthopedic Surgery",
      "subtitle": "Master advanced surgical techniques",
      "price": 100,
      "cover": "https://cdn.osteocom.me/covers/cover1.jpg",
      "authors": [{ "name": "Dr. Smith", "image": "https://cdn.osteocom.me/..." }],
      "video": [
        {
          "videoId": "video_001",
          "title": "Introduction to Arthroscopy",
          "duration": 2730,
          "videoQuality": "FULL_HD"
        }
      ]
    }
  ]
}

---

Content authorization POST

POST/contentLicensing_contentAccessAuthorization

Record a customer's purchase so they're authorized to access the content. Pass your own userId and the purchased products. Reusing the same userId reuses the same customer — no duplicate is created.

Headers

Authorization*

string

Required

Bearer token.

Body parameters

clientId*

string

Required

Your unique client ID.

userId*

string

Required

Your stable, unique identifier for the customer. Any format — it just has to stay the same for the same person.

email

string

Optional

Customer email. Becomes mandatory if marketing consent is enabled for your account; must be a valid address.

marketingConsent

boolean

Optional

Whether the customer opted in to marketing (e.g. newsletters). Defaults to false.

name

string

Optional

Customer's first name.

surname

string

Optional

Customer's last name.

products*

array of objects

Required

The purchased products, each with a price.

Show child attributes

productIdstring

The channel's idChannel from the catalog.

priceinteger

The price of that product.

Returns

token

string

Optional

The user's access key, used in the video call. Stable per customer.

JavaScript

const res = await fetch("https://test.osteocom.me/sv6/contentLicensing_contentAccessAuthorization", {
  method: "POST",
  headers: {
    "Content-Type": "application/json",
    Authorization: `Bearer ${token}`,
  },
  body: JSON.stringify({
    clientId: "psiGBHLDxxxxxxdIyDw",
    userId: "user_12345",
    products: [{ productId: "66d579675f2xxxxxxf15e4d3", price: 100 }],
  }),
});

const data = await res.json();

cURL

curl -X POST https://test.osteocom.me/sv6/contentLicensing_contentAccessAuthorization \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer $TOKEN" \
  -d '{"clientId":"psiGBHLDxxxxxxdIyDw","userId":"user_12345","products":[{"productId":"66d579675f2xxxxxxf15e4d3","price":100}]}'

Python

res = requests.post(
    "https://test.osteocom.me/sv6/contentLicensing_contentAccessAuthorization",
    headers={"Authorization": f"Bearer {token}"},
    json={
        "clientId": "psiGBHLDxxxxxxdIyDw",
        "userId": "user_12345",
        "products": [{"productId": "66d579675f2xxxxxxf15e4d3", "price": 100}],
    },
)
data = res.json()

{ "token": "eyJhbGciOiJIUzI1Ni...JWT" }

Status codes

Status	Meaning
200	Purchase recorded.
400	Email field required.
403	Malformed email.

---

Video access POST

POST/contentLicensing_videoAccess

Issue a short-lived token for the authorized customer. Embed tokenAuthVideo in the player URL — see Video access.

Headers

Authorization*

string

Required

Bearer token.

Body parameters

userId*

string

Required

Your stable identifier for the customer.

clientId*

string

Required

Your unique client ID.

videoId*

string

Required

The video to play, from the catalog.

userAccessKey*

string

Required

The token returned by Content authorization for this customer.

Returns

tokenAuthVideo

string

Optional

A token to pass as the player URL signature.

expiresIn

integer

Optional

Token lifetime in seconds (900 = 15 minutes).

JavaScript

const res = await fetch("https://test.osteocom.me/sv6/contentLicensing_videoAccess", {
  method: "POST",
  headers: {
    "Content-Type": "application/json",
    Authorization: `Bearer ${token}`,
  },
  body: JSON.stringify({
    clientId: "psiGBHLDxxxxxxdIyDw",
    userId: "user_12345",
    videoId: "591441cexxxxxcc4f8d653",
    userAccessKey: userAccessToken,
  }),
});

const data = await res.json();

cURL

curl -X POST https://test.osteocom.me/sv6/contentLicensing_videoAccess \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer $TOKEN" \
  -d '{"clientId":"psiGBHLDxxxxxxdIyDw","userId":"user_12345","videoId":"591441cexxxxxcc4f8d653","userAccessKey":"<userAccessKey>"}'

Python

res = requests.post(
    "https://test.osteocom.me/sv6/contentLicensing_videoAccess",
    headers={"Authorization": f"Bearer {token}"},
    json={
        "clientId": "psiGBHLDxxxxxxdIyDw",
        "userId": "user_12345",
        "videoId": "591441cexxxxxcc4f8d653",
        "userAccessKey": user_access_key,
    },
)
data = res.json()

{ "tokenAuthVideo": "eyJhbGciOiJIUzI1Ni...JWT", "expiresIn": 900 }

Status codes

Status	Meaning
200	A signed video token is returned.
401	Not authorized, or token expired.
404	Video not found.

---

Revoke access POST

POST/contentLicensing_revocateActivation

Revoke a customer's access to a channel at any time — for example on a refund or chargeback.

Headers

Authorization*

string

Required

Bearer token.

Body parameters

clientId*

string

Required

Your unique client ID.

channelId*

string

Required

The channel (idChannel) to revoke.

userId*

string

Required

The customer to revoke, identified by your userId.

Returns

userId

string

Optional

The customer whose access was revoked.

cancellationDate

string

Optional

When the revocation took effect.

JavaScript

const res = await fetch("https://test.osteocom.me/sv6/contentLicensing_revocateActivation", {
  method: "POST",
  headers: {
    "Content-Type": "application/json",
    Authorization: `Bearer ${token}`,
  },
  body: JSON.stringify({
    clientId: "psiGBHLDxxxxxxdIyDw",
    channelId: "66d579675f2xxxxxxf15e4d3",
    userId: "user_12345",
  }),
});

const data = await res.json();

cURL

curl -X POST https://test.osteocom.me/sv6/contentLicensing_revocateActivation \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer $TOKEN" \
  -d '{"clientId":"psiGBHLDxxxxxxdIyDw","channelId":"66d579675f2xxxxxxf15e4d3","userId":"user_12345"}'

Python

res = requests.post(
    "https://test.osteocom.me/sv6/contentLicensing_revocateActivation",
    headers={"Authorization": f"Bearer {token}"},
    json={
        "clientId": "psiGBHLDxxxxxxdIyDw",
        "channelId": "66d579675f2xxxxxxf15e4d3",
        "userId": "user_12345",
    },
)
data = res.json()

{ "userId": "user_12345", "cancellationDate": "2026-06-09T10:24:00Z" }

Status codes

Status	Meaning
200	Revocation successful.