When users add your service to their household, they enable Sonos to access their account. Sonos can send the user to your mobile app or to a Web page to enter credentials using OAuth authentication.
There are two ways to offer OAuth authentication:
- App authentication—for users with the Sonos app on mobile devices, you can offer “app authentication”, where Sonos opens a deep link to your app to perform the authentication.
- Browser authentication—for users who don’t have your app installed, or who aren’t using a mobile device, you can offer “browser authentication”, where users go to a Web page to enter their credentials.
Sonos uses one API call to provide both of these options. You must at least enable browser authentication to provide a Web page for users to enter their credentials. However, we encourage you to offer both browser and app authentication for the best user experience.
You can offer anonymous access
Finally, you can decide not to use any authentication, also known as “anonymous access”. For example, your service could use anonymous access to offer a limited free trial.
Anonymous access limits the features available for your service. For example, you can’t offer personalization options saved to a user’s account, like favorites or playlists. You also can’t secure your content: anyone who has the URL for the media can access it.
To get started with your implementation, follow this reading path:
- Add browser authentication.
- Use authentication tokens, SOAP headers, and refresh authentication tokens to continue to authenticate the user for all Sonos API calls.
- Add app authentication for iOS and Android apps.
- Add account — provide users the ability to create accounts on your service.
- Handle auth errors.
Upgrade to OAuth authentication
If your service has already implemented DeviceLink or Session ID authentication, your existing implementations will continue to work. However, we recommend you upgrade your implementation to use OAuth. See Upgrade to OAuth for details.
For new implementations we do not recommend using either DeviceLink or Session ID authentication.