Authorization

Follow this guide to create a new Brightcove credential that will allow Nexla to authenticate to and exchange data with your Brightcove Video Cloud account.

Brightcove

Prerequisites

The Brightcove APIs (CMS, Dynamic Ingest, Player Management, Live, and Analytics) use OAuth 2.0 client credentials for machine-to-machine authentication. Brightcove issues a short-lived access token (5-minute TTL) in exchange for a registered Client ID and Client Secret scoped to the specific operations your integration needs.

Before creating a Nexla credential, gather the following from your Brightcove Video Cloud account:

• Account ID — the numeric identifier for your Video Cloud account.

• Client ID — issued when you register an API Authentication client in Brightcove Studio.

• Client Secret — issued alongside the Client ID and shown only once at creation.

Locate Your Brightcove Account ID

Your Account ID is required because every Brightcove API endpoint is scoped to a specific account.

1. Sign in to Brightcove Studio.

2. Click your account name (or avatar) in the upper-right corner of the Studio header. Your numeric Account ID is displayed in the account information panel.

3. Alternatively, navigate to Admin > Account Information. The Account ID is listed near the top of the page.

4. Copy the Account ID and store it for use in the Nexla credential.

   If your organization has multiple Brightcove accounts (for example, separate publisher accounts), confirm that you copy the ID of the specific account whose videos, playlists, or analytics you want Nexla to access.

Register an API Authentication Client

Brightcove uses a self-service API Authentication page in Studio to register OAuth 2.0 clients and assign the scopes they are allowed to call.

1. In Brightcove Studio, navigate to Admin > API Authentication. This page is available only to users with administrator privileges on the account.

2. Click the Register New Application button to open the registration form.

3. Enter a descriptive Name for the application (for example, Nexla Integration) so the client is easy to identify later in the audit log.

4. Under Select the type of account, choose the account (or accounts) this client should be allowed to access. Select the same Account ID you copied above.

5. Under Select the operations this application will be authorized to perform, enable the API products and operations that match your integration needs. The Nexla Brightcove connector ships endpoint templates for the following products, so enable the corresponding scopes:

   • CMS API — Video Read/Write, Playlist Read/Write, Folder Read/Write, Label Read, Custom Fields Read, Assets Read.

   • Dynamic Ingest API — Ingest Read/Write (only required if you plan to trigger Dynamic Ingest jobs from Nexla).

   • Analytics API — Analytics Read.

   • Player Management API — Player Read.

   • Live API — Live Read (only required if you plan to read Brightcove Live job data).

   Brightcove follows the principle of least privilege — only enable the scopes your integration actually needs. You can edit the client later to add or remove scopes without re-issuing credentials.

6. Click Save. Brightcove generates and displays the new Client ID and Client Secret on the confirmation page.

7. Copy both values immediately and store them in a secure secret manager. The Client Secret is shown only once — if it is lost, you must rotate the credential by editing the client and generating a new secret.

For complete information about the API Authentication flow and the full scope catalog, see the Brightcove OAuth API Overview and the Managing API Authentication Credentials guide.

Important

The Client Secret grants programmatic access to your Brightcove account at the scope level configured on the client. Treat it like a password — store it in a secret manager, never commit it to source control, and rotate it immediately if you suspect it has been exposed.

Create a Brightcove Credential

• To create a new Brightcove credential, after selecting the data source/destination type, click the Add Credential tile to open the Add New Credential overlay.

Credential Name & Description

1. Enter a name for the credential in the Credential Name field and a short, meaningful description in the Credential Description field.

   Resource descriptions are recommended but are not required. They should be used to provide information about the resource purpose, data freshness, etc. that can help the owner and other users efficiently understand and utilize the resource.

Brightcove OAuth 2.0 Settings

2. Enter the Client ID issued by Brightcove in the Client ID field. This value is found in Admin > API Authentication in Brightcove Studio.

3. Enter the Client Secret issued alongside the Client ID in the Client Secret field. This value is shown only once at client creation and cannot be retrieved later — if it has been lost, generate a new secret in Brightcove Studio.

4. Enter your numeric Brightcove Video Cloud Account ID in the Account ID field. Nexla substitutes this value into the account path of every Brightcove API call (for example, https://cms.api.brightcove.com/v1/accounts/{account_id}/videos).

   Nexla exchanges the Client ID and Client Secret for a short-lived access token by calling https://oauth.brightcove.com/v4/access_token. Tokens expire after approximately 5 minutes, and Nexla automatically refreshes them — no additional configuration is required.

Save the Credential

1. Once all of the relevant steps in the above sections have been completed, click the Save button at the bottom of the overlay to save the configured credential. Nexla validates the credential by issuing a test request to the Brightcove CMS API with the configured Account ID.

2. The newly added credential will now appear in a tile on the Authenticate screen during data source/destination creation and can be selected for use with a new data source or destination.