oAuth authentication
DoYouBuzz User API uses oAuth 1.0 protocol for authentication and authorization. For more information on oAuth you can refer to the official documentation.
Summary
Before you can access a user's data, you must do the following :
- Obtain a request token (using RequestToken)
- Authorize the request token (using AuthorizeToken)
- Exchange the authorized request token for an access token (using GetAccessToken)
RequestToken (obtain a request token)
Send the request
GET https://www.doyoubuzz.com/fr/oauth/requestToken
| Parameter (all required) | Description |
|---|---|
| oauth_consumer_key | The API key of your application, given by DoYouBuzz |
| oauth_signature_method | Signature algorithm. The legal values for this parameter "RSA-SHA1" or "HMAC-SHA1". |
| oauth_timestamp | Integer representing the time the request is sent. The timestamp should be expressed in number of seconds after January 1, 1970 00:00:00 GMT. |
| oauth_nonce | Random 64-bit, unsigned number encoded as an ASCII string in decimal format. The nonce/timestamp pair should always be unique to prevent replay attacks. |
| oauth_callback | URL the user should be redirected to after the access is granted (in response to a call to AuthorizeToken). The callback URL can include url-encoded query parameters. |
| oauth_signature | String generated using the referenced signature method. See Signing requests. |
Get the tokens
If the request for a request token is successfull, DoYouBuzz responds with a GET 200 OK message containing oauth_token and oauth_token_secret.
Sample response:
oauth_token=ac3cd9j512ks73he4g&oauth_token_secret=YXacbXBsZS6jb21
authorizeToken (ask the user for his authorization)
GET https://www.doyoubuzz.com/fr/oauth/authorize
| Parameter | Description |
|---|---|
| oauth_token | Request token obtained from DoYouBuzz with requestToken |
| oauth_callback | The same value you sent to DoYouBuzz with requestToken |
The user will be redirected on DoYouBuzz.com and prompted to authorize your application.
See the authorization screen
getAccessToken (get the access token)
When the user has authorized your application, he is redirected to your callback url with the following parameters : oauth_token and oauth_verifier
On your callback page, you need to contact one last time DoYouBuzz to exchange an authorize token for an access token
GET https://www.doyoubuzz.com/fr/oauth/accessToken with the following parameters
| Parameter (all required) | Description |
|---|---|
| oauth_verifier | Token obtained from DoYouBuzz with |
| oauth_consumer_key | The API key of your application, given by DoYouBuzz |
| oauth_signature_method | Signature algorithm. The legal values for this parameter "RSA-SHA1" or "HMAC-SHA1". |
| oauth_nonce | Random 64-bit, unsigned number encoded as an ASCII string in decimal format. The nonce/timestamp pair should always be unique to prevent replay attacks. |
| oauth_timestamp | Integer representing the time the request is sent. The timestamp should be expressed in number of seconds after January 1, 1970 00:00:00 GMT. |
| oauth_version | Use "1.0" |
| oauth_signature | String generated using the referenced signature method. See Signing requests. |
If the request for an access token is successfull, DoYouBuzz responds with a GET 200 OK message containing oauth_token and oauth_token_secret.
You will need these values to access the protected ressources. The oauth_token is different from the previous one returned by DoYouBuzz. This one will allow you to access the protected ressources (and can be saved in your database for later use).
Access protected ressources
GET https://api.doyoubuzz.com/<ENDPOINT>
(replace ENDPOINT with one of the ENDPOINTS of the USER API)
| Parameter (all required) | Description |
|---|---|
| oauth_consumer_key | The API key of your application, given by DoYouBuzz |
| oauth_token | Request token obtained from DoYouBuzz with getAccessToken |
| oauth_signature_method | Signature algorithm. The legal values for this parameter "RSA-SHA1" or "HMAC-SHA1". |
| oauth_timestamp | Integer representing the time the request is sent. The timestamp should be expressed in number of seconds after January 1, 1970 00:00:00 GMT. |
| oauth_nonce | Random 64-bit, unsigned number encoded as an ASCII string in decimal format. The nonce/timestamp pair should always be unique to prevent replay attacks. |
| oauth_signature | String generated using the referenced signature method. See Signing requests. |