Stream Gateway access
Similarly to ams, the Stream Gateway exposes its API over an HTTP interface. Clients can be anything from the provided Dev UI to any custom client you develop.
All calls to the Stream Gateway must be authenticated. Authentication takes the form of a single token per client you must embed in your requests.
A token is associated to a service account, has a limited lifetime, and can be revoked at any time.
1. Creating the token
An internal HTTP API is exposed for managing client tokens. This API is only accessible via a Unix domain socket which resides at
/var/snap/anbox-stream-gateway/common/service/unix.socket by default.
For convenience, the Stream Gateway has a built-in client designed to communicate to that API.
Creating a token
$ anbox-stream-gateway account create my-client AgEUYW5ib3gtc3RyZWFtLWdhdGV3YXkCBGFzZGYAAhkyMDIwLTA2LTIzVDA5OjMyOjE5KzAyOjAwAAAGIDcZMdTrdNdJB6kzjoXyx1_T6s8-0C1AQSyzaA_GHLYQ
Deleting a token
$ anbox-stream-gateway account delete my-client Account my-client deleted successfully
You can type
anbox-stream-gateway --help to list all commands
2. Using the token in your requests
When making requests to the Stream Gateway API you can either place the token in the request HTTP headers or in the query parameters.
$ curl -X GET https://18.104.22.168:4000/1.0/sessions \ -H 'authorization=macaroon root=AgEUYW5ib3...QSyzaA_GHLYQ'
$ curl -X GET https://22.214.171.124:4000/1.0/sessions?api_token=AgEUYW5ib3...QSyzaA_GHLYQ
Hint: The Anbox Stream SDK handles the token automatically for all its requests.