# Bigscreen Accounts API The user/account/billing/social API used by the BigScreenVR app. Currently a work in process. # Local Dev `default.env` describes the local environment, but you'll need access to the various config files and keys. Ask David for help! ## Curl API example ``` curl -v \ -H "Content-Type: application/json" \ -H "Authorization: BEARER_GOES_HERE" \ --data '{ "email": "qa+basic@bigscreenvr.com", "password": "PASSWORD_HERE" }' \ https://dev-fire-api.bigscreencloud.com/auth/login ``` # Account Access Notes To successfully create an account, you need: * A valid email address * A unique username * A password of at least 6 characters To login, you only need: * A valid email address from a previously created account. * A password of at least 6 characters. In addition to this, there are several other conditions: * the IP address from which you're creating the account must have a status of "FullAccess". * the device from which you're submitting your request must also have a status of "FullAccess". Both the login and create account endpoints, therefore, require an additional header, `x-bigscreen-system-info`, containing device information. The device information is a serialized JSON object in base64 format. At minimum, the object must contain the following: ``` { deviceUniqueIdentifier: } ``` However, the following data is expected from the Unity client: ``` { deviceUniqueIdentifier: String, version: String, HMD: String, deviceModel: String, operatingSystem: String, GPU: String, memory: Number, CPU: String } ``` To create the string in node js: ``` const systemInfo = { deviceUniqueIdentifier: "device-id-here" }; Buffer.from(JSON.stringify(systemInfo)).toString("base64"); ``` # API Usage To continue to use the API, you need a valid access token. When you first login or create an account, you get back the following: * A refresh token, valid for six months. * An access token, valid for fifteen minutes. To access protected API functions, you need to submit the access token with the `x-access-token` header. When you attempt to access the API with an expired access token, you'll get back a nonce. This can be used to renew the access token. When renewing the access token, you need to send back the following: * The nonce received previously. * The refresh token, received when you logged in or created the account. * An entry for `x-bigscreen-system-info`, mentioned previously. The rules are the same as for creating an account, in that: * the IP address from which you're renewing the access token must have a status of "FullAccess". * the device from which you're renewing the access token must also have a status of "FullAccess". # Oculus API notes Anything involving the oculus API has some curiously named variables. These variable names simply match what is used by the Oculus "S2S API": oculusId - a string containing the user's handle or nickname on the oculus account (e.g. "davidppp", "return_chris"). oculusUserId - an unsigned long integer containing a short lived user id for the user. This is unique for each Oculus AppID, and may change. oculusOrgScopedId - an unsigned long integer containing a fixed organization id. This identifier will be unique for all Bigscreen apps, and will not change. oculusUserProofNonce - a single use nonce used to verify an oculusUserId. # Reporting For studio reporting, you need to ssh to the server, then edit `apps/admin_api/reporting.js` to fill in the month/date that you're generating reports for. Run `node apps/admin_api/reporting.js` from the top level directory and it will generate a `report.tsv` HACK: currently, we're assuming all films are Paramount films, unless they're available in NZ, in which case, they're Funimation films. This is a hack, and we will do it properly before Warner Bros launches. Until then, be sure to edit the TSV to appropriately recategorize Paramount and Funimation films. There are only a few erroneous films that are NOT avail in NZ, but are actually Funimation films.