Concepts and Fundamentals

Overview and Glossary of Important Terms


Understanding Core Concepts

The C2C API relies on several essential technologies that you should understand before beginning an integration project. Review the headings in this article—if any terms are unfamiliar, this guide will help address those knowledge gaps. If you encounter challenges with specific concepts, our team is available to provide additional resources and support.

What You Need to Know

To successfully integrate with the C2C API, you should have a basic understanding of:

Networking Basics and Glossary

At its core, the Frame.io API enables communication between Frame.io's servers and your device or application, requiring network interactions for every operation.

Clear communication is essential in any relationship, including between servers and clients. Just as miscommunications occur in everyday conversation, similar challenges exist when computers exchange information.

Beyond addressing standard communication issues, we need to ensure secure transmission of sensitive data. Frame.io requires encryption for all server communications, adding necessary security layers to the process.

While implementing the C2C API, you'll likely use third-party libraries to handle networking details. However, since networking components often generate real-world errors, understanding the underlying processes when interacting with Frame.io's servers is valuable. Here's a concise glossary of essential terminology:

TCP/IP: Transmission Control Protocol / Internet Protocol

TCP/IP comprises standardized components and layers that enable global data transfer. For more information, we recommend this accessible, high-level resource.

TLS/SSL: Transport Layer Security / Secure Socket Layer

While TLS and SSL are technically different, they're commonly referenced interchangeably today. TLS represents the evolution of SSL, though the original acronym remains widely used.

Cryptography and Encryption—the disciplines focused on secure communication—are complex fields within computer science. Fortunately, as a C2C integrator, you only need to understand several key concepts: public keys, private keys, and certificates.

For more information about TLS, consult this overview.

Public and Private Keys: A public key works like a lock, while a private key serves as the corresponding key.

Think of this scenario: You want to send a confidential message to a colleague while ensuring privacy until delivery.

First, ask your colleague to send you a lock for which only they have the key.

Upon receiving this lock, secure your confidential message in a container using it. While anyone handling the container can see the lock, only your colleague has the key to access the contents. The lock provides no value to unauthorized parties trying to view the message. Even you cannot unlock it without the key.

When your colleague receives the secured container, they simply use their key to access the contents.

Public and private keys work the same way. You can share a public key widely. Recipients encrypt messages with this key, but only the private key holder can decrypt these communications. As long as the private key remains confidential, the public key cannot be used to decode the encrypted messages it creates.

This public/private key mechanism underpins TLS functionality, allowing parties to communicate openly while establishing secure, private channels.

Certificates: Certificates contain public and private keys, authenticated by trusted certification authorities.

When a Certificate Authority validates a key, it essentially vouches for the key's authenticity. Recipients of a public key—such as one from Google—can verify this endorsement from recognized certification authorities. Unendorsed keys are considered potentially fraudulent and trigger security alerts.

Frame.io's certificates are validated by the Amazon Root CA 1 certificate authority. These certificates are available through various resources, including the Certifi library (used by Mozilla and the Python Requests library).

For implementation, we recommend the Certifi GitHub repository and certificate PEM bundle to validate HTTPS requests to api.frame.io.

Server: A server is a computer that provides or stores information for other computers. When you access Frame.io through a web browser, your browser requests content from Frame.io's server, which responds accordingly. Every action within Frame.io triggers a communication between your browser and our server, which processes your request and returns appropriate results. When uploading media to Frame.io, you're sending it to our servers.

Client: A client application requests information from or sends data to a server. When implementing the C2C API, you'll be developing a C2C client.

HTTP/S: Hypertext Transfer Protocol / Secure

HTTP/S operates within the application layer of the TCP/IP model. The difference between HTTP and HTTPS is security—HTTPS incorporates TLS/SSL verification into network communications.

HTTP has evolved through various versions, establishing new standards over time. Version 1.1 remains the global standard and should be used for Frame.io API communications. See the HTTP Requests section below for more information.

RESTful API: REST (Representational State Transfer) is a design methodology for developing APIs based on HTTP request-response patterns.

REST often serves as shorthand for the general approach of using HTTP for program-to-program interaction—as distinguished from browser-webpage communication—even when the API doesn't strictly adhere to REST principles.

JSON: JavaScript Object Notation.

JSON is a standardized data exchange format. Though initially developed for JavaScript objects, it has become a universal standard for networked communications. The C2C API delivers responses as JSON data.

Amazon Web Services (AWS): AWS provides cloud-based application development services. Frame.io uses AWS for media storage. When uploading content, you'll interact directly with AWS's Simple Storage Service to transfer your data to Frame.io.

AWS S3: Amazon's Simple Storage Service provides cloud-based data storage solutions. S3 stores Frame.io's video and audio media, and serves as the destination for integration uploads.

HTTP/S Requests

HTTP is ubiquitous in web browsing—appearing at the beginning of nearly every website address. HTTP (Hypertext Transfer Protocol) establishes standardized computer-to-computer communication protocols.

You can think of HTTP as a standardized form system for client-server interactions—similar to government forms required for information requests or program applications. Without properly completed forms, government agencies cannot process or respond to requests.

HTTP requests facilitate all Frame.io application interactions. Within the C2C API framework, HTTP request types represent the available functional capabilities.

For a comprehensive HTTP overview, see this informative article. Understanding these fundamentals is essential before proceeding. If you're new to HTTP requests, consider reviewing introductory materials. For optimal preparation, familiarize yourself with these HTTP concepts:

  • URLs

    • Protocol
    • Host
    • Port
    • Resource
  • Headers
  • Content-Type/Mimetype
  • Request and Response Payloads
  • HTTP verb applications: GET, POST, PUT, DELETE, etc.
  • Form Data

While networking libraries typically handle request construction, the HTTP/1.1 RFC (https://greenbytes.de/tech/webdav/rfc2616.html) provides a reference resource if needed.

Authentication and Authorization

We'll explore these concepts more thoroughly later, but understanding these foundational principles is important:

Authentication: Authentication verifies that requests come from claimed sources. When you log into websites with username/password credentials, you're authenticating yourself by demonstrating password knowledge. Multi-factor authentication—such as receiving verification codes via text message—represents additional authentication mechanisms.

Authorization: Authorization confirms permission to perform specific actions. When you add collaborators to Frame.io projects or Google documents, you're authorizing their access. Frame.io or Google have previously authenticated these users' identities, enabling you to confidently authorize their participation.

OAuth: OAuth (Open Authorization) provides a standardized framework for authorization management by integrating with third-party authentication services.

Scopes: Scopes define the authorized actions available to users. When connecting devices to Frame.io, you'll request and receive specific scopes that authorize particular operations. For example, the asset_create scope permits asset creation and uploading. Conceptually, scopes function as permission sets.

Next Steps

We encourage you to contact our team with any questions, then proceed to the next guide section. We look forward to supporting your integration efforts.