Concepts and Fundamentals

At its core, the Frame.io API enables communication between Frame.io's servers and your device or application, requiring network interactions for every operation.

Clear communication is essential in any relationship, including between servers and clients. Just as miscommunications occur in everyday conversation, similar challenges exist when computers exchange information.

Beyond addressing standard communication issues, we need to ensure secure transmission of sensitive data. Frame.io requires encryption for all server communications, adding necessary security layers to the process.

While implementing the C2C API, you'll likely use third-party libraries to handle networking details. However, since networking components often generate real-world errors, understanding the underlying processes when interacting with Frame.io's servers is valuable. Here's a concise glossary of essential terminology:

TCP/IP: Transmission Control Protocol / Internet Protocol

TCP/IP comprises standardized components and layers that enable global data transfer. For more information, we recommend this accessible, high-level resource.

TLS/SSL: Transport Layer Security / Secure Socket Layer

While TLS and SSL are technically different, they're commonly referenced interchangeably today. TLS represents the evolution of SSL, though the original acronym remains widely used.

Cryptography and Encryption—the disciplines focused on secure communication—are complex fields within computer science. Fortunately, as a C2C integrator, you only need to understand several key concepts: public keys, private keys, and certificates.

For more information about TLS, consult this overview.

Public and Private Keys: A public key works like a lock, while a private key serves as the corresponding key.

Think of this scenario: You want to send a confidential message to a colleague while ensuring privacy until delivery.

First, ask your colleague to send you a lock for which only they have the key.

Upon receiving this lock, secure your confidential message in a container using it. While anyone handling the container can see the lock, only your colleague has the key to access the contents. The lock provides no value to unauthorized parties trying to view the message. Even you cannot unlock it without the key.

When your colleague receives the secured container, they simply use their key to access the contents.

Public and private keys work the same way. You can share a public key widely. Recipients encrypt messages with this key, but only the private key holder can decrypt these communications. As long as the private key remains confidential, the public key cannot be used to decode the encrypted messages it creates.

This public/private key mechanism underpins TLS functionality, allowing parties to communicate openly while establishing secure, private channels.

Certificates: Certificates contain public and private keys, authenticated by trusted certification authorities.

When a Certificate Authority validates a key, it essentially vouches for the key's authenticity. Recipients of a public key—such as one from Google—can verify this endorsement from recognized certification authorities. Unendorsed keys are considered potentially fraudulent and trigger security alerts.

Frame.io's certificates are validated by the Amazon Root CA 1 certificate authority. These certificates are available through various resources, including the Certifi library (used by Mozilla and the Python Requests library).

For implementation, we recommend the Certifi GitHub repository and certificate PEM bundle to validate HTTPS requests to api.frame.io.

Server: A server is a computer that provides or stores information for other computers. When you access Frame.io through a web browser, your browser requests content from Frame.io's server, which responds accordingly. Every action within Frame.io triggers a communication between your browser and our server, which processes your request and returns appropriate results. When uploading media to Frame.io, you're sending it to our servers.

Client: A client application requests information from or sends data to a server. When implementing the C2C API, you'll be developing a C2C client.

HTTP/S: Hypertext Transfer Protocol / Secure

HTTP/S operates within the application layer of the TCP/IP model. The difference between HTTP and HTTPS is security—HTTPS incorporates TLS/SSL verification into network communications.

HTTP has evolved through various versions, establishing new standards over time. Version 1.1 remains the global standard and should be used for Frame.io API communications. See the HTTP Requests section below for more information.

RESTful API: REST (Representational State Transfer) is a design methodology for developing APIs based on HTTP request-response patterns.

REST often serves as shorthand for the general approach of using HTTP for program-to-program interaction—as distinguished from browser-webpage communication—even when the API doesn't strictly adhere to REST principles.

JSON: JavaScript Object Notation.

JSON is a standardized data exchange format. Though initially developed for JavaScript objects, it has become a universal standard for networked communications. The C2C API delivers responses as JSON data.

Amazon Web Services (AWS): AWS provides cloud-based application development services. Frame.io uses AWS for media storage. When uploading content, you'll interact directly with AWS's Simple Storage Service to transfer your data to Frame.io.

AWS S3: Amazon's Simple Storage Service provides cloud-based data storage solutions. S3 stores Frame.io's video and audio media, and serves as the destination for integration uploads.