How to use oauth1.0 - help for a noob!
dpatel20
Registered Users Posts: 3 Beginner grinner
Hi, I am trying to get started with the smugmug API and oauth1.0a but can't seem to figure it out.
From what I understand, since I am only interested in using the API on my account, I can use the Access Token and Token Secret from my account settings. But I have no idea how to then sign the request with this. If I do a GET command with header containing ("Content Type", "application/json") it works. But when I change it to "Accept" I get an unauthorised (401) response.
As a quick test, I tried using hurl.it (online REST tool) but I do not know what to put into Consumer Key and Consumer Secret. I assume Consumer Key=API Key but what is Consumer Secret - is that the API Secret (I thought this should be treated like a password so should not be revealed)??
An example in Javascript would be most appreciated. How do I sign the request?
var xhttp = new XMLHttpRequest();
xhttp.open("GET", "URI here", true);
xhttp.setRequestHeader("Accept", "application/json");
xhttp.send();
From what I understand, since I am only interested in using the API on my account, I can use the Access Token and Token Secret from my account settings. But I have no idea how to then sign the request with this. If I do a GET command with header containing ("Content Type", "application/json") it works. But when I change it to "Accept" I get an unauthorised (401) response.
As a quick test, I tried using hurl.it (online REST tool) but I do not know what to put into Consumer Key and Consumer Secret. I assume Consumer Key=API Key but what is Consumer Secret - is that the API Secret (I thought this should be treated like a password so should not be revealed)??
An example in Javascript would be most appreciated. How do I sign the request?
var xhttp = new XMLHttpRequest();
xhttp.open("GET", "URI here", true);
xhttp.setRequestHeader("Accept", "application/json");
xhttp.send();
0
Comments
(This is using the access token and token secret provided in the smugmug settings. If you need to access another account, then you need to go through the oAuth request token, etc).
You need to sign every request using the method described in the oAuth standard. But, there are many libraries that can do this (see oauth.net/1/). I used one just to make a quick JS test client that will never be shared (you need to use your API secret as the consumer secret - exposing that is client side is bad; but as I'm not sharing my code then it's OK).