This API collection powers the AIYT Video Summarizer service, which transforms YouTube videos into structured, human-readable summaries and formatted transcripts.
\nIt automates the full process β from extracting the video ID and fetching the transcript to cleaning the text, generating AI-based summaries, and producing neatly formatted transcripts with timestamps.
Built with FastAPI (Python), this service integrates seamlessly with the main .NET backend in the AIYT platform to deliver accurate and well-structured outputs.
The summarization process uses prompt-based models, allowing customization of the summaryβs tone and format β from simple concise summaries to friendly, emoji-rich, and idea-explaining versions.
This enables developers and end users to convert raw YouTube content into readable summaries and organized transcripts ideal for education, research, or content management workflows.
This endpoint extracts the YouTube video ID from a provided video URL.
Itβs the first step in the AIYT Video Summarizer pipeline β used to identify and process the target video before fetching transcripts or summaries.
This endpoint Fetchs the full transcript of a YouTube video in a structured format. Each transcript item includes the spoken text along with its start time and duration, which can be used for indexing, highlighting, or syncing with video content. This endpoint is typically used as part of a workflow to generate summaries, formatted transcripts, or show notes for video content.
\n","urlObject":{"path":["api","get_video_transcript"],"host":["{{BaseUrlAIService}}"],"query":[],"variable":[]}},"response":[{"id":"6f4d36c4-1506-4752-a5e5-c186f8287536","name":"Get Video Transcript Success","originalRequest":{"method":"POST","header":[],"body":{"mode":"raw","raw":"{\r\n \"video_url\": \"https://www.youtube.com/watch?v=9JPnN1Z_iSY&t=6s\"\r\n}\r\n","options":{"raw":{"language":"json"}}},"url":"{{BaseUrlAIService}}/api/get_video_transcript"},"status":"OK","code":200,"_postman_previewlanguage":null,"header":[{"key":"date","value":"Sat, 25 Oct 2025 16:37:21 GMT"},{"key":"server","value":"uvicorn"},{"key":"content-length","value":"11715"},{"key":"content-type","value":"application/json"}],"cookie":[],"responseTime":null,"body":"{\n \"transcript\": [\n {\n \"text\": \"Before a system can authorize or\",\n \"start\": 0,\n \"duration\": 4.24\n },\n {\n \"text\": \"restrict anything, it first needs to\",\n \"start\": 2.32,\n \"duration\": 4.64\n },\n {\n \"text\": \"know the identity of the requesttor.\",\n \"start\": 4.24,\n \"duration\": 4.72\n },\n {\n \"text\": \"That's what authentication does. It\",\n \"start\": 6.96,\n \"duration\": 3.84\n },\n {\n \"text\": \"verifies that the person or system\",\n \"start\": 8.96,\n \"duration\": 4.4\n },\n {\n \"text\": \"trying to access your app is legit. And\",\n \"start\": 10.8,\n \"duration\": 4.32\n },\n {\n \"text\": \"in this video, you'll learn how modern\",\n \"start\": 13.36,\n \"duration\": 3.999\n },\n {\n \"text\": \"applications handle authentication from\",\n \"start\": 15.12,\n \"duration\": 5.2\n },\n {\n \"text\": \"basic to bear tokens to OF2\",\n \"start\": 17.359,\n \"duration\": 6.16\n },\n {\n \"text\": \"authentication and GVT tokens as well as\",\n \"start\": 20.32,\n \"duration\": 5.68\n },\n {\n \"text\": \"access and refresh tokens and also\",\n \"start\": 23.519,\n \"duration\": 5.68\n },\n {\n \"text\": \"single sign on and identity protocols.\",\n \"start\": 26,\n \"duration\": 4.88\n },\n {\n \"text\": \"Before learning the different types,\",\n \"start\": 29.199,\n \"duration\": 3.281\n },\n {\n \"text\": \"let's first understand what is\",\n \"start\": 30.88,\n \"duration\": 4.24\n },\n {\n \"text\": \"authentication. Authentication basically\",\n \"start\": 32.48,\n \"duration\": 5.2\n },\n {\n \"text\": \"answers who the user is and if they are\",\n \"start\": 35.12,\n \"duration\": 5.04\n },\n {\n \"text\": \"allowed to access your system. So\",\n \"start\": 37.68,\n \"duration\": 4.64\n },\n {\n \"text\": \"whenever a login request is sent either\",\n \"start\": 40.16,\n \"duration\": 5.04\n },\n {\n \"text\": \"by the user or another service. This is\",\n \"start\": 42.32,\n \"duration\": 5.04\n },\n {\n \"text\": \"where we confirm the identity of the\",\n \"start\": 45.2,\n \"duration\": 5.28\n },\n {\n \"text\": \"user and either provide them access so\",\n \"start\": 47.36,\n \"duration\": 5.44\n },\n {\n \"text\": \"approve their request or reject it with\",\n \"start\": 50.48,\n \"duration\": 5.04\n },\n {\n \"text\": \"unauthorized request. This is basically\",\n \"start\": 52.8,\n \"duration\": 4.96\n },\n {\n \"text\": \"the first step before authorization\",\n \"start\": 55.52,\n \"duration\": 4.559\n },\n {\n \"text\": \"begins which is the topic of the next\",\n \"start\": 57.76,\n \"duration\": 5.36\n },\n {\n \"text\": \"lesson. So before you access any data or\",\n \"start\": 60.079,\n \"duration\": 5.601\n },\n {\n \"text\": \"perform any actions on this service, the\",\n \"start\": 63.12,\n \"duration\": 4.64\n },\n {\n \"text\": \"system needs to know who you are and\",\n \"start\": 65.68,\n \"duration\": 4\n },\n {\n \"text\": \"this is where the authentication is\",\n \"start\": 67.76,\n \"duration\": 4.56\n },\n {\n \"text\": \"used. The first and simplest type of\",\n \"start\": 69.68,\n \"duration\": 5.2\n },\n {\n \"text\": \"authentication is basic authentication.\",\n \"start\": 72.32,\n \"duration\": 4.56\n },\n {\n \"text\": \"This is where you use username and\",\n \"start\": 74.88,\n \"duration\": 4.72\n },\n {\n \"text\": \"password in combination and you send a\",\n \"start\": 76.88,\n \"duration\": 5.76\n },\n {\n \"text\": \"login request which contains the base 64\",\n \"start\": 79.6,\n \"duration\": 5.28\n },\n {\n \"text\": \"encoded version of username and\",\n \"start\": 82.64,\n \"duration\": 5.2\n },\n {\n \"text\": \"password. This is a very simple way of\",\n \"start\": 84.88,\n \"duration\": 5.12\n },\n {\n \"text\": \"encoding data and it's easily\",\n \"start\": 87.84,\n \"duration\": 4.4\n },\n {\n \"text\": \"reversible. And because it's easily\",\n \"start\": 90,\n \"duration\": 4.799\n },\n {\n \"text\": \"reversible, it's now considered insecure\",\n \"start\": 92.24,\n \"duration\": 5.44\n },\n {\n \"text\": \"unless it's wrapped within HTTPS.\",\n \"start\": 94.799,\n \"duration\": 4.881\n },\n {\n \"text\": \"But even with that, it is now very\",\n \"start\": 97.68,\n \"duration\": 4.24\n },\n {\n \"text\": \"rarely used outside of the internal\",\n \"start\": 99.68,\n \"duration\": 5.36\n },\n {\n \"text\": \"tools in the company. Next we have bear\",\n \"start\": 101.92,\n \"duration\": 5.76\n },\n {\n \"text\": \"tokens which are more secure compared to\",\n \"start\": 105.04,\n \"duration\": 5.359\n },\n {\n \"text\": \"basic authentication. Here you send the\",\n \"start\": 107.68,\n \"duration\": 5.119\n },\n {\n \"text\": \"access token with each request instead\",\n \"start\": 110.399,\n \"duration\": 4.72\n },\n {\n \"text\": \"of the username and password encoding.\",\n \"start\": 112.799,\n \"duration\": 4.32\n },\n {\n \"text\": \"So whenever the client needs to access\",\n \"start\": 115.119,\n \"duration\": 4.241\n },\n {\n \"text\": \"resources they send this token within\",\n \"start\": 117.119,\n \"duration\": 4.96\n },\n {\n \"text\": \"the request and then your API verifies\",\n \"start\": 119.36,\n \"duration\": 5.439\n },\n {\n \"text\": \"or rejects the token and if it verifies\",\n \"start\": 122.079,\n \"duration\": 4.72\n },\n {\n \"text\": \"then you send the successful response\",\n \"start\": 124.799,\n \"duration\": 4.88\n },\n {\n \"text\": \"with the data that they requested. Bear\",\n \"start\": 126.799,\n \"duration\": 4.641\n },\n {\n \"text\": \"tokens are the standard approach\",\n \"start\": 129.679,\n \"duration\": 4.481\n },\n {\n \"text\": \"nowadays especially in API design\",\n \"start\": 131.44,\n \"duration\": 5.12\n },\n {\n \"text\": \"because it is fast and stateless which\",\n \"start\": 134.16,\n \"duration\": 5.68\n },\n {\n \"text\": \"makes it easy to scale those APIs. The\",\n \"start\": 136.56,\n \"duration\": 5.92\n },\n {\n \"text\": \"next type is of2 authentication in\",\n \"start\": 139.84,\n \"duration\": 6.16\n },\n {\n \"text\": \"combination with GVt tokens. So O of 2\",\n \"start\": 142.48,\n \"duration\": 6\n },\n {\n \"text\": \"is a protocol which is the second\",\n \"start\": 146,\n \"duration\": 5.599\n },\n {\n \"text\": \"version of OAF. It lets users login\",\n \"start\": 148.48,\n \"duration\": 5.68\n },\n {\n \"text\": \"through a trusted provider like Google\",\n \"start\": 151.599,\n \"duration\": 5.601\n },\n {\n \"text\": \"or GitHub. So user sends a request to\",\n \"start\": 154.16,\n \"duration\": 5.6\n },\n {\n \"text\": \"access your resources and if you allow\",\n \"start\": 157.2,\n \"duration\": 4.399\n },\n {\n \"text\": \"them to authenticate with Google\",\n \"start\": 159.76,\n \"duration\": 4.24\n },\n {\n \"text\": \"basically Google sends your app a GVT\",\n \"start\": 161.599,\n \"duration\": 4.64\n },\n {\n \"text\": \"token which contains the information of\",\n \"start\": 164,\n \"duration\": 4.72\n },\n {\n \"text\": \"this user. This is how that payload will\",\n \"start\": 166.239,\n \"duration\": 4.401\n },\n {\n \"text\": \"look like. Usually they send you the\",\n \"start\": 168.72,\n \"duration\": 5.04\n },\n {\n \"text\": \"user ID or the email, the username and\",\n \"start\": 170.64,\n \"duration\": 5.599\n },\n {\n \"text\": \"more stuff and also the expiration date\",\n \"start\": 173.76,\n \"duration\": 5.759\n },\n {\n \"text\": \"for this GVT tokens. This is a signed\",\n \"start\": 176.239,\n \"duration\": 5.841\n },\n {\n \"text\": \"object which then you pass from your app\",\n \"start\": 179.519,\n \"duration\": 5.281\n },\n {\n \"text\": \"to the API and then your API will\",\n \"start\": 182.08,\n \"duration\": 5.519\n },\n {\n \"text\": \"authenticate based on this information.\",\n \"start\": 184.8,\n \"duration\": 5.68\n },\n {\n \"text\": \"GVs are also stateless similar to bearer\",\n \"start\": 187.599,\n \"duration\": 4.56\n },\n {\n \"text\": \"tokens which means that you don't need\",\n \"start\": 190.48,\n \"duration\": 4.24\n },\n {\n \"text\": \"to store sessions between the requests\",\n \"start\": 192.159,\n \"duration\": 4.72\n },\n {\n \"text\": \"and each request can be executed\",\n \"start\": 194.72,\n \"duration\": 4.48\n },\n {\n \"text\": \"separately. And if you want to see how\",\n \"start\": 196.879,\n \"duration\": 4\n },\n {\n \"text\": \"these authentication flows are\",\n \"start\": 199.2,\n \"duration\": 4\n },\n {\n \"text\": \"implemented in real world projects and\",\n \"start\": 200.879,\n \"duration\": 4.401\n },\n {\n \"text\": \"not just in theory, then you can check\",\n \"start\": 203.2,\n \"duration\": 4.319\n },\n {\n \"text\": \"out my mentorship program which will be\",\n \"start\": 205.28,\n \"duration\": 4.48\n },\n {\n \"text\": \"the first link in the description. Next,\",\n \"start\": 207.519,\n \"duration\": 4.64\n },\n {\n \"text\": \"we also have access and refresh types of\",\n \"start\": 209.76,\n \"duration\": 4.72\n },\n {\n \"text\": \"tokens. So, modern systems use\",\n \"start\": 212.159,\n \"duration\": 4.8\n },\n {\n \"text\": \"shortlived access tokens which expire\",\n \"start\": 214.48,\n \"duration\": 5.839\n },\n {\n \"text\": \"faster and also long live refresh tokens\",\n \"start\": 216.959,\n \"duration\": 5.681\n },\n {\n \"text\": \"which usually expire later than the\",\n \"start\": 220.319,\n \"duration\": 5.2\n },\n {\n \"text\": \"access tokens. Access tokens are used\",\n \"start\": 222.64,\n \"duration\": 5.2\n },\n {\n \"text\": \"for API calls. So whenever you want to\",\n \"start\": 225.519,\n \"duration\": 4.64\n },\n {\n \"text\": \"get some data from the API, you send\",\n \"start\": 227.84,\n \"duration\": 5.759\n },\n {\n \"text\": \"this access token to access the data and\",\n \"start\": 230.159,\n \"duration\": 5.601\n },\n {\n \"text\": \"refresh tokens on the other hand are\",\n \"start\": 233.599,\n \"duration\": 4.64\n },\n {\n \"text\": \"used to renew the access tokens. So\",\n \"start\": 235.76,\n \"duration\": 5.039\n },\n {\n \"text\": \"whenever the access token expires, this\",\n \"start\": 238.239,\n \"duration\": 4.64\n },\n {\n \"text\": \"is where you will use the refresh token\",\n \"start\": 240.799,\n \"duration\": 4.961\n },\n {\n \"text\": \"to get a new one, a new access token\",\n \"start\": 242.879,\n \"duration\": 5.521\n },\n {\n \"text\": \"behind the scenes. So this way users\",\n \"start\": 245.76,\n \"duration\": 4.479\n },\n {\n \"text\": \"won't be logged out. they will stay\",\n \"start\": 248.4,\n \"duration\": 4.399\n },\n {\n \"text\": \"logged in and also your system will stay\",\n \"start\": 250.239,\n \"duration\": 4.321\n },\n {\n \"text\": \"secure because you are frequently\",\n \"start\": 252.799,\n \"duration\": 4.4\n },\n {\n \"text\": \"renewing this access token. And one note\",\n \"start\": 254.56,\n \"duration\": 4.32\n },\n {\n \"text\": \"here is that you should typically keep\",\n \"start\": 257.199,\n \"duration\": 4.081\n },\n {\n \"text\": \"the refresh tokens in the server side\",\n \"start\": 258.88,\n \"duration\": 5.36\n },\n {\n \"text\": \"for security reasons. And lastly, we\",\n \"start\": 261.28,\n \"duration\": 5.52\n },\n {\n \"text\": \"have SSO which stands for single sign on\",\n \"start\": 264.24,\n \"duration\": 4.88\n },\n {\n \"text\": \"and identity protocols that are used\",\n \"start\": 266.8,\n \"duration\": 5.44\n },\n {\n \"text\": \"with it. Single sign on lets users have\",\n \"start\": 269.12,\n \"duration\": 5.92\n },\n {\n \"text\": \"one login. So login once and access\",\n \"start\": 272.24,\n \"duration\": 5.04\n },\n {\n \"text\": \"multiple services. For example, when you\",\n \"start\": 275.04,\n \"duration\": 4.48\n },\n {\n \"text\": \"log into Google, you can access both\",\n \"start\": 277.28,\n \"duration\": 5.52\n },\n {\n \"text\": \"Gmail, Drive, and also calendar and all\",\n \"start\": 279.52,\n \"duration\": 5.84\n },\n {\n \"text\": \"of their other services. And behind the\",\n \"start\": 282.8,\n \"duration\": 5.36\n },\n {\n \"text\": \"scenes, this SSO uses either SL protocol\",\n \"start\": 285.36,\n \"duration\": 6.399\n },\n {\n \"text\": \"or O of 2 protocol. Oaf 2 is used more\",\n \"start\": 288.16,\n \"duration\": 6\n },\n {\n \"text\": \"often nowadays for the modern\",\n \"start\": 291.759,\n \"duration\": 5.121\n },\n {\n \"text\": \"applications to login with Google or\",\n \"start\": 294.16,\n \"duration\": 5.039\n },\n {\n \"text\": \"with GitHub or any other service\",\n \"start\": 296.88,\n \"duration\": 5.44\n },\n {\n \"text\": \"provider. It is a modern and JSON based.\",\n \"start\": 299.199,\n \"duration\": 5.521\n },\n {\n \"text\": \"And on the other hand, SL protocol uses\",\n \"start\": 302.32,\n \"duration\": 5.52\n },\n {\n \"text\": \"XML based approach. But still, SL is\",\n \"start\": 304.72,\n \"duration\": 5.759\n },\n {\n \"text\": \"very popular in the legacy systems and\",\n \"start\": 307.84,\n \"duration\": 4.56\n },\n {\n \"text\": \"in companies that use things like\",\n \"start\": 310.479,\n \"duration\": 4.961\n },\n {\n \"text\": \"Salesforce or internal dashboards. So\",\n \"start\": 312.4,\n \"duration\": 5.28\n },\n {\n \"text\": \"these are identity protocols which means\",\n \"start\": 315.44,\n \"duration\": 4.64\n },\n {\n \"text\": \"that they will define how apps securely\",\n \"start\": 317.68,\n \"duration\": 4.56\n },\n {\n \"text\": \"exchange the user login information\",\n \"start\": 320.08,\n \"duration\": 4.48\n },\n {\n \"text\": \"between each other. But authentication\",\n \"start\": 322.24,\n \"duration\": 4.64\n },\n {\n \"text\": \"is just the first step before users can\",\n \"start\": 324.56,\n \"duration\": 4.72\n },\n {\n \"text\": \"access your service. So this tells you\",\n \"start\": 326.88,\n \"duration\": 4.96\n },\n {\n \"text\": \"who the user is and if they are allowed\",\n \"start\": 329.28,\n \"duration\": 4.8\n },\n {\n \"text\": \"to access your service. That is when\",\n \"start\": 331.84,\n \"duration\": 4.4\n },\n {\n \"text\": \"they send a login request and you\",\n \"start\": 334.08,\n \"duration\": 5.119\n },\n {\n \"text\": \"confirm or deny their identity. But\",\n \"start\": 336.24,\n \"duration\": 4.32\n },\n {\n \"text\": \"after that you also have the\",\n \"start\": 339.199,\n \"duration\": 3.84\n },\n {\n \"text\": \"authorization step which tells you what\",\n \"start\": 340.56,\n \"duration\": 4.88\n },\n {\n \"text\": \"resources exactly this user can access\",\n \"start\": 343.039,\n \"duration\": 4.641\n },\n {\n \"text\": \"to. Basically it tells you what they can\",\n \"start\": 345.44,\n \"duration\": 6.08\n },\n {\n \"text\": \"do what the user can do in your system.\",\n \"start\": 347.68,\n \"duration\": 5.92\n },\n {\n \"text\": \"Which tells you what resources exactly\",\n \"start\": 351.52,\n \"duration\": 4.48\n },\n {\n \"text\": \"this user can access to. Basically it\",\n \"start\": 353.6,\n \"duration\": 4.4\n },\n {\n \"text\": \"tells you what they can do. what the\",\n \"start\": 356,\n \"duration\": 4.72\n },\n {\n \"text\": \"user can do in your system. And that is\",\n \"start\": 358,\n \"duration\": 4.72\n },\n {\n \"text\": \"what we will cover next in the next\",\n \"start\": 360.72,\n \"duration\": 4.479\n },\n {\n \"text\": \"video.\",\n \"start\": 362.72,\n \"duration\": 2.479\n }\n ]\n}"},{"id":"e3c3e2b4-75bc-4bc9-b971-c74f2fa378b7","name":"Get Video Transcript Bad Request","originalRequest":{"method":"POST","header":[],"body":{"mode":"raw","raw":"{\r\n \"video_url\": \"https://www.youtube.com/watch?v=Jjr5TDc0Dok\"\r\n}\r\n","options":{"raw":{"language":"json"}}},"url":"{{BaseUrlAIService}}/api/get_video_transcript"},"status":"Bad Request","code":400,"_postman_previewlanguage":null,"header":[{"key":"date","value":"Sat, 25 Oct 2025 16:46:00 GMT"},{"key":"server","value":"uvicorn"},{"key":"content-length","value":"53"},{"key":"content-type","value":"application/json"}],"cookie":[],"responseTime":null,"body":"{\n \"detail\": \"Transcripts are disabled for this video.\"\n}"}],"_postman_id":"829043da-7a99-4f46-a2a8-42767c29926c"},{"name":"Get Video Summary And Formatted Transcript","id":"5b58cf50-10b3-4894-9fae-ef30d529afa6","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"POST","header":[],"body":{"mode":"raw","raw":"{\r\n \"video_url\": \"https://www.youtube.com/watch?v=aq3IbO0RwAQ&list=PL82C6-O4XrHeyeJcI5xrywgpfbrqdkQd4&index=1\",\r\n \"prompt_type\": \"friendly_summary_with_emojis_and_ideas_explenation\",\r\n \"text_with_timestamp\": \"string\",\r\n \"model\": \"command-a-03-2025\"\r\n}","options":{"raw":{"language":"json"}}},"url":"{{BaseUrlAIService}}/api/summarize_format_transcript","description":"This endpoint performs the full AI summarization and transcript formatting pipeline for a given YouTube video URL.
It automatically fetches the video transcript, cleans the text, and then applies an LLM-based summarization model to produce:
𧩠summary_sections β Structured, timestamped summaries grouped by topic.
ποΈ formatted_transcript β Readable transcript paragraphs aligned with start and end times.
This endpoint is ideal for generating show notes, chapter breakdowns, educational material, or AI-enhanced summaries of videos.
\n","urlObject":{"path":["api","summarize_format_transcript"],"host":["{{BaseUrlAIService}}"],"query":[],"variable":[]}},"response":[{"id":"7e10c583-591f-47e7-bc65-2bb48b89760c","name":"Get Video Summary And Formatted Transcript Success","originalRequest":{"method":"POST","header":[],"body":{"mode":"raw","raw":"{\r\n \"video_url\": \"https://youtu.be/9JPnN1Z_iSY?si=d9vXUWzdlbXhVl9Q\",\r\n \"prompt_type\": \"friendly_summary_with_emojis_and_ideas_explenation\",\r\n \"text_with_timestamp\": \"string\",\r\n \"model\": \"command-a-03-2025\"\r\n}","options":{"raw":{"language":"json"}}},"url":"{{BaseUrlAIService}}/api/summarize_format_transcript"},"status":"OK","code":200,"_postman_previewlanguage":null,"header":[{"key":"date","value":"Sat, 25 Oct 2025 16:46:41 GMT"},{"key":"server","value":"uvicorn"},{"key":"content-length","value":"6962"},{"key":"content-type","value":"application/json"}],"cookie":[],"responseTime":null,"body":"{\n \"summary_sections\": [\n {\n \"title\": \"π‘οΈ What is Authentication?\",\n \"summary\": \"Authentication is the process of verifying the identity of a user or system trying to access an app. It's the first step before authorization, ensuring the requestor is legitimate. Think of it like showing your ID before entering a secure area.\",\n \"start\": 0,\n \"end\": 72.32\n },\n {\n \"title\": \"π Authentication Methods Explained\",\n \"summary\": \"From basic username/password combos to modern techniques like Bearer Tokens, OAuth2, and GVT tokens, authentication methods vary in security and complexity. Bearer Tokens are fast and stateless, while OAuth2 allows login via trusted providers like Google. Access and Refresh Tokens keep users logged in securely, and Single Sign-On (SSO) simplifies access across multiple services.\",\n \"start\": 72.32,\n \"end\": 279.52\n },\n {\n \"title\": \"π€ Protocols and Future Steps\",\n \"summary\": \"Identity protocols like OAuth2 and SAML define how apps securely exchange user login info. OAuth2 is modern and JSON-based, while SAML is XML-based and common in legacy systems. After authentication, authorization determines what resources a user can access, which we'll cover in the next video.\",\n \"start\": 279.52,\n \"end\": 365.2\n }\n ],\n \"formatted_transcript\": [\n {\n \"text\": \"Before a system can authorize or restrict anything, it first needs to know the identity of the requestor. That's what authentication does. It verifies that the person or system trying to access your app is legit. And in this video, you'll learn how modern applications handle authentication from basic to bear tokens to OAuth2 authentication and GVT tokens as well as access and refresh tokens and also single sign on and identity protocols.\",\n \"start\": 0,\n \"end\": 30.88\n },\n {\n \"text\": \"Before learning the different types, let's first understand what is authentication. Authentication basically answers who the user is and if they are allowed to access your system. So whenever a login request is sent either by the user or another service, this is where we confirm the identity of the user and either provide them access so approve their request or reject it with unauthorized request. This is basically the first step before authorization begins which is the topic of the next lesson.\",\n \"start\": 29.2,\n \"end\": 63.12\n },\n {\n \"text\": \"So before you access any data or perform any actions on this service, the system needs to know who you are and this is where the authentication is used. The first and simplest type of authentication is basic authentication. This is where you use username and password in combination and you send a login request which contains the base 64 encoded version of username and password. This is a very simple way of encoding data and it's easily reversible. And because it's easily reversible, it's now considered insecure unless it's wrapped within HTTPS.\",\n \"start\": 60.08,\n \"end\": 99.68\n },\n {\n \"text\": \"But even with that, it is now very rarely used outside of the internal tools in the company. Next we have bearer tokens which are more secure compared to basic authentication. Here you send the access token with each request instead of the username and password encoding. So whenever the client needs to access resources they send this token within the request and then your API verifies or rejects the token and if it verifies then you send the successful response with the data that they requested. Bearer tokens are the standard approach nowadays especially in API design because it is fast and stateless which makes it easy to scale those APIs.\",\n \"start\": 97.68,\n \"end\": 139.84\n },\n {\n \"text\": \"The next type is OAuth2 authentication in combination with GVT tokens. OAuth2 is a protocol which is the second version of OAuth. It lets users login through a trusted provider like Google or GitHub. So user sends a request to access your resources and if you allow them to authenticate with Google basically Google sends your app a GVT token which contains the information of this user. This is how that payload will look like. Usually they send you the user ID or the email, the username and more stuff and also the expiration date for this GVT tokens. This is a signed object which then you pass from your app to the API and then your API will authenticate based on this information.\",\n \"start\": 136.56,\n \"end\": 184.8\n },\n {\n \"text\": \"GVTs are also stateless similar to bearer tokens which means that you don't need to store sessions between the requests and each request can be executed separately. And if you want to see how these authentication flows are implemented in real world projects and not just in theory, then you can check out my mentorship program which will be the first link in the description. Next, we also have access and refresh types of tokens. So, modern systems use short-lived access tokens which expire faster and also long-live refresh tokens which usually expire later than the access tokens. Access tokens are used for API calls. So whenever you want to get some data from the API, you send this access token to access the data and refresh tokens on the other hand are used to renew the access tokens.\",\n \"start\": 182.08,\n \"end\": 240.8\n },\n {\n \"text\": \"So whenever the access token expires, this is where you will use the refresh token to get a new one, a new access token behind the scenes. So this way users won't be logged out. they will stay logged in and also your system will stay secure because you are frequently renewing this access token. And one note here is that you should typically keep the refresh tokens in the server side for security reasons. And lastly, we have SSO which stands for single sign on and identity protocols that are used with it. Single sign on lets users have one login. So login once and access multiple services. For example, when you log into Google, you can access both Gmail, Drive, and also calendar and all of their other services.\",\n \"start\": 238.24,\n \"end\": 279.52\n },\n {\n \"text\": \"And behind the scenes, this SSO uses either SAML protocol or OAuth2 protocol. OAuth2 is used more often nowadays for the modern applications to login with Google or with GitHub or any other service provider. It is a modern and JSON based. And on the other hand, SAML protocol uses XML based approach. But still, SAML is very popular in the legacy systems and in companies that use things like Salesforce or internal dashboards. So these are identity protocols which means that they will define how apps securely exchange the user login information between each other.\",\n \"start\": 277.28,\n \"end\": 322.24\n },\n {\n \"text\": \"But authentication is just the first step before users can access your service. So this tells you who the user is and if they are allowed to access your service. That is when they send a login request and you confirm or deny their identity. But after that you also have the authorization step which tells you what resources exactly this user can access to. Basically it tells you what they can do what the user can do in your system. And that is what we will cover next in the next video.\",\n \"start\": 320.08,\n \"end\": 365.2\n }\n ]\n}"},{"id":"8a0d579b-2b4b-401c-9506-b48ebf761b2f","name":"Get Video Summary And Formatted Transcript Bad Request","originalRequest":{"method":"POST","header":[],"body":{"mode":"raw","raw":"{\r\n \"video_url\": \"https://youtu.be/9JPnN1_iSY?si=d9vXUWzdlbXhVl9Q\",\r\n \"prompt_type\": \"friendly_summary_with_emojis_and_ideas_explenation\",\r\n \"text_with_timestamp\": \"string\",\r\n \"model\": \"command-a-03-2025\"\r\n}","options":{"raw":{"language":"json"}}},"url":"{{BaseUrlAIService}}/api/summarize_format_transcript"},"status":"Bad Request","code":400,"_postman_previewlanguage":null,"header":[{"key":"date","value":"Sat, 25 Oct 2025 16:47:52 GMT"},{"key":"server","value":"uvicorn"},{"key":"content-length","value":"33"},{"key":"content-type","value":"application/json"}],"cookie":[],"responseTime":null,"body":"{\n \"detail\": \"Invalid YouTube URL.\"\n}"}],"_postman_id":"5b58cf50-10b3-4894-9fae-ef30d529afa6"}],"id":"c0058a09-0df2-4d2b-8f78-5ccf113b536c","description":"This folder contains all endpoints related to processing YouTube videos in the AIYT Video Summarizer service.
Together, they handle extracting video IDs, fetching and cleaning transcripts, and generating timestamped summaries and formatted transcripts.
These endpoints can be used together to convert YouTube video transcript into structured, sectioned summaries β ideal for show notes, chapters, or content repurposing.
\n","_postman_id":"c0058a09-0df2-4d2b-8f78-5ccf113b536c"}]}