oAuth authentication

This page describes the full oAuth 1.0 process. If you want to keep it simple, you should rely on a client library: a full list is available on the oAuth site.

The DoYouBuzz User API uses the oAuth 1.0 protocol for authentication and authorization. For more information on oAuth you can refer to the official documentation.

Summary

Before you can access a user's data, you must do the following:

RequestToken (obtain a request token)

Send the request

GET http://www.doyoubuzz.com/fr/oauth/requestToken

Parameter (all required) Description
oauth_consumer_key The API key of your application, given by DoYouBuzz
oauth_signature_method Signature algorithm. The legal values for this parameter are "RSA-SHA1" or "HMAC-SHA1".
oauth_timestamp Integer representing the time the request is sent. The timestamp should be expressed in number of seconds after January 1, 1970 00:00:00 GMT.
oauth_nonce Random 64-bit, unsigned number encoded as an ASCII string in decimal format. The nonce/timestamp pair should always be unique to prevent replay attacks.
oauth_callback URL the user should be redirected to after the access is granted (in response to a call to AuthorizeToken). The callback URL can include url-encoded query parameters.
oauth_signature String generated using the referenced signature method. See Signing requests.

Get the tokens

If the request for a request token is successful, DoYouBuzz responds with a 200 OK message containing oauth_token and oauth_token_secret.

Sample response:

oauth_token=ac3cd9j512ks73he4g&oauth_token_secret=YXacbXBsZS6jb21
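The requestToken call described above, as an added example that is not DoYouBuzz's own code: it builds the signed GET URL with HMAC-SHA1 following the standard OAuth 1.0 signature rules (RFC 5849) and parses the sample response. The function names are hypothetical, and the API key, secret and callback are constructed placeholders.

```python
import base64, hashlib, hmac, secrets, time
from urllib.parse import parse_qsl, quote

REQUEST_TOKEN_URL = "http://www.doyoubuzz.com/fr/oauth/requestToken"  # from the page

def enc(value):
    """Percent-encode per OAuth 1.0: everything except unreserved characters."""
    return quote(str(value), safe="-._~")

def sign_hmac_sha1(method, url, params, consumer_secret, token_secret=""):
    """Return the base64 HMAC-SHA1 signature over the OAuth signature base string."""
    pairs = sorted((enc(k), enc(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    base_string = "&".join([method.upper(), enc(url), enc(normalized)])
    # Key is consumer secret and token secret joined by "&"; the token
    # secret is empty for requestToken because no token exists yet.
    key = f"{enc(consumer_secret)}&{enc(token_secret)}".encode()
    digest = hmac.new(key, base_string.encode(), hashlib.sha1).digest()
    return base64.b64encode(digest).decode()

def request_token_url(consumer_key, consumer_secret, callback, nonce=None, timestamp=None):
    """Build the signed GET URL for requestToken with the parameters listed above."""
    params = {
        "oauth_consumer_key": consumer_key,
        "oauth_signature_method": "HMAC-SHA1",
        "oauth_timestamp": int(time.time()) if timestamp is None else timestamp,
        # Random 64-bit unsigned number in decimal, drawn from a CSPRNG.
        "oauth_nonce": secrets.randbits(64) if nonce is None else nonce,
        "oauth_callback": callback,
    }
    params["oauth_signature"] = sign_hmac_sha1(
        "GET", REQUEST_TOKEN_URL, params, consumer_secret)
    query = "&".join(f"{enc(k)}={enc(v)}" for k, v in params.items())
    return f"{REQUEST_TOKEN_URL}?{query}"

def parse_token_response(body):
    """Parse the form-encoded body; raise if malformed or a token field is missing."""
    fields = dict(parse_qsl(body, strict_parsing=True))
    return fields["oauth_token"], fields["oauth_token_secret"]

if __name__ == "__main__":
    # Constructed placeholder credentials and callback, not real DoYouBuzz values.
    print(request_token_url("my-api-key", "my-api-secret",
                            "https://example.com/cb?state=1"))
    print(parse_token_response(
        "oauth_token=ac3cd9j512ks73he4g&oauth_token_secret=YXacbXBsZS6jb21"))
```

For getAccessToken and protected-resource calls, the same signing function applies with the relevant oauth_token_secret passed as `token_secret`.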

authorizeToken (ask the user for his authorization)

GET http://www.doyoubuzz.com/fr/oauth/authorize

Parameter Description
oauth_token Request token obtained from DoYouBuzz with requestToken
oauth_callback The same value you sent to DoYouBuzz with requestToken

The user will be redirected to DoYouBuzz.com and prompted to authorize your application.

See the authorization screen

getAccessToken (get the access token)

When the user has authorized your application, he is redirected to your callback URL with the following parameters: oauth_token and oauth_verifier.

On your callback page, you need to contact DoYouBuzz one last time to exchange the authorized token for an access token.

GET http://www.doyoubuzz.com/fr/oauth/accessToken with the following parameters

Parameter (all required) Description
oauth_verifier Token obtained from DoYouBuzz with
oauth_consumer_key The API key of your application, given by DoYouBuzz
oauth_signature_method Signature algorithm. The legal values for this parameter are "RSA-SHA1" or "HMAC-SHA1".
oauth_nonce Random 64-bit, unsigned number encoded as an ASCII string in decimal format. The nonce/timestamp pair should always be unique to prevent replay attacks.
oauth_timestamp Integer representing the time the request is sent. The timestamp should be expressed in number of seconds after January 1, 1970 00:00:00 GMT.
oauth_version Use "1.0"
oauth_signature String generated using the referenced signature method. See Signing requests.

If the request for an access token is successful, DoYouBuzz responds with a 200 OK message containing oauth_token and oauth_token_secret.

You will need these values to access the protected resources. The oauth_token is different from the previous one returned by DoYouBuzz. This one will allow you to access the protected resources (and can be saved in your database for later use).

Access protected resources

GET https://api.doyoubuzz.com/<ENDPOINT>

(replace ENDPOINT with one of the ENDPOINTS of the USER API)

Parameter (all required) Description
oauth_consumer_key The API key of your application, given by DoYouBuzz
oauth_token Access token obtained from DoYouBuzz with getAccessToken
oauth_signature_method Signature algorithm. The legal values for this parameter are "RSA-SHA1" or "HMAC-SHA1".
oauth_timestamp Integer representing the time the request is sent. The timestamp should be expressed in number of seconds after January 1, 1970 00:00:00 GMT.
oauth_nonce Random 64-bit, unsigned number encoded as an ASCII string in decimal format. The nonce/timestamp pair should always be unique to prevent replay attacks.
oauth_signature String generated using the referenced signature method. See Signing requests.