Using an App User

EchoStream uses AWS Cognito as its Identity Provider (IDP). In order to use your App User, you must obtain it's credentials from EchoStream, log into Cognito to obtain your temporary JSON Web Tokens (JWT), and then use the Access Token JWT to call EchoStream APIs.

Credentials

To obtain the credentials for your App User, go into your App's inspect screen. The following credentials will be provided to you:

Logging In

You must log into EchoStream's AWS Cognito User Pool to obtain your JWT, which is then used to access EchoStream's API.

This can be accomplished using either:

• Directly calling the AWS API using RESTful calls (not recommended)
• Your programming language's AWS API SDK (e.g. - boto3 for Python)
• A higher-level library that abstracts login management (e.g. - pycognito for Python)

NOTE - In all cases, when you initiate authentication you must use USER_SRP_AUTH as the auth flow!

Using the higher-level library is recommended for two reasons:

1. Authenticating to Cognito can be somewhat complex, and the library should abstract that from you.
2. The JWT returned from Cognito is temporary, and contains three tokens; Identity Token, Access Token, and Refresh Token. You will be required to use the Refresh Token to obtain a new Access Token every so often. The library should handle this for you.

Accessing the API

Once you have logged in, you can call the EchoStream API to get information about your App. App Users are not allowed to make changes.

For every API that you call, you must pass the Access Token that you obtained during login or refreshed when it expired in the Authorization header field.