OAuth API Authorization

Last Edited: July 18th, 2012

You may test your integration using the OAuth consumer key value "Dummy" and consumer secret value "secret." Open source OAuth implementations are available in several languages. The following examples will make a signed OAuth request to AppDirect:


This example uses OAuth Signpost to sign an outgoing request:

OAuthConsumer consumer = new DefaultOAuthConsumer("Dummy", "secret");
URL url = new URL("https://www.appdirect.com/AppDirect/rest/api/events/dummyChange");
HttpURLConnection request = (HttpURLConnection) url.openConnection();

This signs a return URL:

OAuthConsumer consumer = new DefaultOAuthConsumer("Dummy", "secret");
consumer.setSigningStrategy( new QueryStringSigningStrategy());
String url = "https://www.appdirect.com/AppDirect/finishorder?success=true&accountIdentifer=Alice";
String signedUrl = consumer.sign(url);


This example uses the python-oauth2 client to sign and issue a request.

import oauth2 as oauth
consumer_key = 'Dummy'
consumer_secret = 'secret'
request_url = "https://www.appdirect.com/AppDirect/rest/api/events/dummyChange"

# Create your consumer with the proper key/secret.
consumer = oauth.Consumer(consumer_key, consumer_secret)

# Create our client.
client = oauth.Client(consumer)

# The OAuth Client request works just like httplib2 for the most part.
resp, content = client.request(request_url)
print resp
print content

This will sign a return URL:

import oauth2 as oauth

consumer_key = 'Dummy'
consumer_secret = 'secret'
request_url = "https://www.appdirect.com/AppDirect/finishorder?success=true&accountIdentifer=Alice"
req = oauth.Request("GET", request_url)
# Python-oauth2 Request.sign() does not include a timestamp or nonce by default
req['oauth_timestamp'] = oauth.Request.make_timestamp()
req['oauth_nonce'] = oauth.Request.make_nonce()
sig_method = oauth.SignatureMethod_HMAC_SHA1()
consumer = oauth.Consumer(consumer_key, consumer_secret)
req.sign_request(sig_method, consumer, token=None)
print req.to_url()


This example uses Andy Smith's Basic OAuth Library. It also depends on Curl:


# Initialize OAuth Consumer
$CONSUMER_KEY = "Dummy";
$CONSUMER_SECRET = "secret";
$consumer = new OAuthConsumer($CONSUMER_KEY, $CONSUMER_SECRET);

# Prepare the request
$eventUrl = 'https://www.appdirect.com/rest/api/events/dummyAssign';
$request = OAuthRequest::from_consumer_and_token($consumer, NULL, 'GET', $eventUrl, NULL);
$request->sign_request(new OAuthSignatureMethod_HMAC_SHA1(), $consumer, NULL);
$auth_header = $request->to_header();

# Setup curl
$curl = curl_init($eventUrl);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
curl_setopt($curl, CURLOPT_FAILONERROR, false);
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($curl, CURLOPT_HTTPHEADER, array($auth_header));

# Fetch the event
$response = curl_exec($curl);

This will generate a signed URL, appropriate for user redirects:

$request = OAuthRequest::from_consumer_and_token($consumer, NULL, 'GET', $eventUrl, NULL);
$request->sign_request(new OAuthSignatureMethod_HMAC_SHA1(), $consumer, NULL);
$url = $request->to_url();

This will parse and display the response using simplexml:

$event = simplexml_load_string($response);
$account = $event->payload->account;
$assignedUser = $event->payload->user;
$creator = $event->creator;


This code uses the oauth gem to sign and issue a request. It will also "pretty-print" the result using xml-simple:

require 'rubygems'
require 'oauth'
require 'xmlsimple'

event_url = "https://www.appdirect.com/rest/api/events/dummyOrder"
consumer = OAuth::Consumer.new("Dummy", "secret")
access_token = OAuth::AccessToken.new(consumer)
response = access_token.get(event_url)
event = XmlSimple.xml_in(response.body)
output = XmlSimple.xml_out(event)
print output

This will generate a signed URL:

require 'rubygems'
require 'oauth'

event_url = "https://www.appdirect.com/rest/api/events/dummyOrder"
site = "https://www.appdirect.com"
path = "/redirect/path"
consumer = OAuth::Consumer.new("Dummy", "secret", {
                               :site => site,
                               :scheme => :query_string })
req = consumer.create_signed_request(:get, path)
print "#{site}#{req.path}"

(Thanks to Joey Bratton for sample Ruby code.)


This code will generate a signed URL and make a request to fetch the event using OAuthBase:

OAuthBase oauthBase = new OAuthBase();
string uri = "https://www.appdirect.com/rest/api/events/dummyOrder";
string consumerKey = "Dummy";
string consumerSecret = "secret";
string timestamp = oauthBase.GenerateTimeStamp();
string nonce = oauthBase.GenerateNonce();
string normalizedUrl;
string normalizedRequestParameters;
string sig = HttpUtility.UrlEncode(oauthBase.GenerateSignature(
    new Uri(uri), consumerKey, consumerSecret, string.Empty, string.Empty,
    "GET", timestamp, nonce, out normalizedUrl, out normalizedRequestParameters));
string requestUrl = String.Format("{0}?{1}&oauth_signature={2}", normalizedUrl, normalizedRequestParameters, sig);

HttpWebRequest request = (HttpWebRequest) HttpWebRequest.Create(requestUrl);
HttpWebResponse response = (HttpWebResponse) request.GetResponse();
Console.WriteLine(new StreamReader(response.GetResponseStream()).ReadToEnd());