
Authentication

OAuth authorization

Snoobi API implements OAuth authorization according to RFC 5849. To have your application (the consumer) registered, fill in the registration form. If you have forgotten your credentials or they do not work, send e-mail to our Customer support (tuki.snoobi (at) fonecta.com). An example of using OAuth can be found on GitHub.

The Authorization process

Once the consumer application has ConsumerToken and ConsumerSecret, the application can make requests to authorize. This process has two steps.

Step 1: Request token

The request token endpoint for Snoobi API is at:

https://api.snoobi.com/oauth/requesttoken

The request is made with HTTP POST to the URL:

https://api.snoobi.com/oauth/requesttoken?oauth_callback=<your application callback, URL encoded>

Authorization headers

The OAuth parameters are sent in the HTTP Authorization header.

 

| Field | Value |
|---|---|
| oauth_consumer_key | Your application's consumer key (40 chars) |
| oauth_nonce | Randomly generated string in ASCII format. Subsequent requests with same nonce and timestamp combination will be ignored. Recommendation is to use 64-bit random number. |
| oauth_signature | Request signature |
| oauth_signature_method | "HMAC-SHA1" or "PLAINTEXT" |
| oauth_timestamp | Unix timestamp |
| oauth_version | 1.0 |

 

Example authorization header (line breaks added for readability):

Authorization: OAuth oauth_consumer_key="2cab9166c5180256f4788a7669c181c84bec61ee",\
oauth_signature_method="HMAC-SHA1",\
oauth_nonce="7524122124ddba21d644043.98235934",\
oauth_timestamp="1306239517",\
oauth_version="1.0",\
oauth_signature="kP6LwV%2FJfs9YcG4irDJuoP271uU%3D"

 

On a successful request, /oauth/requesttoken returns the request token and token secret in the parameters "oauth_token" and "oauth_token_secret", respectively. The authentication URL is also provided in the response parameter "authentification_url". The URL is something akin to https://api.snoobi.com/oauthgrant.php, and your application should redirect the user's browser to this address. If the user is not already logged in to Snoobi, they will be prompted to do so.

After login, the user gets to the view where they can grant access to the application:

 

Snoobi's OAuth grant view

 

Once the user clicks the Grant button, they are redirected to your callback URL, with oauth_token and the verifier added as URL parameters:

http://youapp.com/callback.php?oauth_token=66393e59b10dddc112a8d1cbca9f9559d01127a1&verifier_token=051dd4f45b791957d8c12b83b9810365bbb50e63
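One way a consumer can check the callback before moving to step 2, shown as an added example that is not Snoobi's code: the returned oauth_token must match the request token issued for the same browser session, and each pending token is usable once. The class name, the session_id key and the 10-minute lifetime are assumptions of this sketch.

```python
import hmac
import time
from urllib.parse import parse_qs, urlsplit


class PendingRequestTokens:
    """Request tokens from step 1, held until the user's grant comes back."""

    def __init__(self, ttl_seconds=600):  # lifetime is an assumed value
        self.ttl = ttl_seconds
        self._pending = {}  # session_id -> (token, token_secret, issued_at)

    def remember(self, session_id, token, token_secret, now=None):
        issued = time.time() if now is None else now
        self._pending[session_id] = (token, token_secret, issued)

    def redeem(self, session_id, callback_url, now=None):
        """Return (token, token_secret, verifier) or raise ValueError."""
        entry = self._pending.pop(session_id, None)  # single use
        if entry is None:
            raise ValueError("no request token pending for this session")
        token, secret, issued = entry
        current = time.time() if now is None else now
        if current - issued > self.ttl:
            raise ValueError("request token expired")
        query = parse_qs(urlsplit(callback_url).query)
        returned = query.get("oauth_token", [])
        verifier = query.get("verifier_token", [])
        # Exactly one value per parameter; duplicates are rejected.
        if len(returned) != 1 or len(verifier) != 1:
            raise ValueError("malformed callback")
        # Constant-time comparison against the token bound to this session.
        if not hmac.compare_digest(returned[0].encode(), token.encode()):
            raise ValueError("callback token does not match this session")
        return token, secret, verifier[0]


if __name__ == "__main__":
    store = PendingRequestTokens()
    # Token and verifier are the sample values from the callback URL above;
    # the token secret is a constructed placeholder.
    store.remember("session-1", "66393e59b10dddc112a8d1cbca9f9559d01127a1", "SECRET")
    print(store.redeem(
        "session-1",
        "http://youapp.com/callback.php?oauth_token=66393e59b10dddc112a8d1cbca9f9559d01127a1"
        "&verifier_token=051dd4f45b791957d8c12b83b9810365bbb50e63"))
```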

 

Step 2: Access tokens

Now that your application has acquired the request token, secret and verifier, it is ready to call the access token endpoint to get the permanent access tokens.

The access token endpoint is:

https://api.snoobi.com/oauth/accesstoken

Authorization headers

| Field | Value |
|---|---|
| oauth_consumer_key | Your application's consumer key (40 chars) |
| oauth_nonce | Randomly generated string in ASCII format. Subsequent requests with same nonce and timestamp combination will be ignored. Recommendation is to use 64-bit random number. |
| oauth_timestamp | Unix timestamp |
| oauth_version | 1.0 |
| oauth_token | Your request token |
| oauth_signature | Signature |

 

Authorization: OAuth oauth_verifier="ff17678750b3ca5b5263babee610bb9f47f7a1b6",\
oauth_consumer_key="2cab9166c5180256f4788a7669c181c84bec61ee",\
oauth_signature_method="HMAC-SHA1",\
oauth_nonce="2556773534ddb9f01d00518.41306989",\
oauth_timestamp="1306238721",\
oauth_version="1.0",\
oauth_token="f3a4eb25c1267f28d5de54e89a78db48f4d7ed30",\
oauth_signature="%2F9y%2BtMdCZk1uRYawXsfWHb%2BPmig%3D"

 

On success, the accesstoken service returns the access token and secret in fields: oauth_token and oauth_token_secret.

API calls

Once you have acquired the access token and secret, your application is ready to make calls to the Snoobi API.

Authorization headers

| Field | Value |
|---|---|
| oauth_consumer_key | Your application's consumer key (40 chars) |
| oauth_nonce | Randomly generated string in ASCII format. Subsequent requests with same nonce and timestamp combination will be ignored. Recommendation is to use 64-bit random number. |
| oauth_timestamp | Unix timestamp |
| oauth_version | 1.0 |
| oauth_token | Your request token |
| oauth_signature | Signature |

 

Example authorization header (line breaks added for readability):

Authorization: OAuth oauth_consumer_key="2cab9166c5180256f4788a7669c181c84bec61ee",\
oauth_signature_method="HMAC-SHA1",\
oauth_nonce="4576930984ddba06bc0e958.49158151",\
oauth_timestamp="1306239083",\
oauth_version="1.0",\
oauth_token="b7a3c3dc9716a10146c74e30ec8eaa8d5f3e6530",\
oauth_signature="s%2Fogi5ijLk96qSWkNEVFynoxKmI%3D"
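How the oauth_signature field in the headers for Step 1, Step 2 and API calls is produced under RFC 5849 with HMAC-SHA1, as an added example that is not Snoobi's own code. The function names, the placeholder credentials and the example.test callback are assumptions; token_secret stays empty for step 1 and carries the request or access token secret afterwards.

```python
import base64, hashlib, hmac, secrets, time
from urllib.parse import parse_qsl, quote, urlsplit

def pct(value):
    # RFC 5849 section 3.6: everything except unreserved characters is escaped
    return quote(str(value), safe="-._~")

def signature_base_string(method, url, params):
    parts = urlsplit(url)
    # Scheme and host are lowercased and the query is dropped (default-port
    # stripping is omitted because the page's endpoints carry no port).
    base_uri = f"{parts.scheme.lower()}://{parts.netloc.lower()}{parts.path}"
    pairs = sorted((pct(k), pct(v)) for k, v in params)
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), pct(base_uri), pct(normalized)])

def sign(method, url, oauth, consumer_secret, token_secret=""):
    # Query parameters (oauth_callback in step 1) are signed as well.
    query = parse_qsl(urlsplit(url).query, keep_blank_values=True)
    base = signature_base_string(method, url, list(oauth.items()) + query)
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    digest = hmac.new(key, base.encode(), hashlib.sha1).digest()
    return base64.b64encode(digest).decode()

def authorization_header(method, url, consumer_key, consumer_secret,
                         token=None, token_secret="", verifier=None,
                         nonce=None, timestamp=None):
    oauth = {
        "oauth_consumer_key": consumer_key,
        "oauth_nonce": nonce or secrets.token_hex(8),  # 64 random bits
        "oauth_signature_method": "HMAC-SHA1",
        "oauth_timestamp": str(timestamp or int(time.time())),
        "oauth_version": "1.0",
    }
    if token:
        oauth["oauth_token"] = token
    if verifier:
        oauth["oauth_verifier"] = verifier
    oauth["oauth_signature"] = sign(method, url, oauth, consumer_secret, token_secret)
    fields = ",".join(f'{k}="{pct(v)}"' for k, v in oauth.items())
    return "Authorization: OAuth " + fields

if __name__ == "__main__":
    # Constructed placeholders, not real Snoobi credentials.
    url = ("https://api.snoobi.com/oauth/requesttoken"
           "?oauth_callback=http%3A%2F%2Fexample.test%2Fcb")
    print(authorization_header("POST", url, "CONSUMER_KEY", "CONSUMER_SECRET"))
```

Because the nonce and timestamp are part of the signed base string, a captured header cannot be replayed with fresh values without knowing the secrets.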

 

Notes and remarks

Signing requests: Snoobi API currently supports HMAC-SHA1 and PLAINTEXT signature methods, with HMAC-SHA1 being strongly recommended. All traffic to Snoobi API is sent over HTTPS.

Tokens and security: All tokens handed out by Snoobi API are 40 characters long. As the access tokens are permanent and allow access to sensitive customer information, we strongly recommend storing them encrypted within your systems. Snoobi retains the privilege of disabling access from any OAuth consumers suspected of insecure token handling.

Error reporting: Errors are reported according to the OAuth problem reporting extension: http://wiki.oauth.net/w/page/12238543/ProblemReporting

More information about OAuth is available at: http://oauth.net
