Step 2: Get a request token
Added by IBM contributorIBM | Edited by IBM contributorMelissa Mahoney on November 11, 2014
Rate this article 1 starsRate this article 2 starsRate this article 3 starsRate this article 4 starsRate this article 5 stars

When the IBM Connections Cloud resource owner (sometimes referred to as the user) visits the application, the application server sends an API call to the Connections Cloud server so that it can access content on behalf of the resource owner.
After the API call, Connections Cloud returns a request token to the following location:

<app_server>/manage/oauth/getRequestToken


This communication between servers is shown in the following image:

Get a request token



The following required parameters are sent during the process of getting a request token:

Table 1. Required parameters
Parameter
Description
oauth_consumer_key
The OAuth consumer key.
oauth_nonce
Random string to avoid replay attack. Because Connections Cloud uses only PLAINTEXT signature method over HTTPS, this parameter is not checked for replay attack. However it is important to specify some value.
oauth_signature_method
This parameter specifies a signature algorithm. Connections Cloud supports only PLAINTEXT.
oauth_signature
You should sign the request by specifying the signature.+
oauth_timestamp
Set the value as an integer that represents the time the request is sent. The timestamp should be expressed in number of seconds after January 1, 1970 00:00:00 GMT. Because Connections Cloud uses only PLAINTEXT signature method over HTTPS, this parameter is not checked for replay attack. However, it is important to specify some value.
oauth_callback
The URL to which the user browser should be redirected at the end of Step 3: Obtain authorization. This URL is based on the company website. If the value is set to the default value and is not updated for the company, the browser is not redirected back. Instead the OAuth verifier code is displayed in the browser at the end of Step 3: Obtain authorization.
oauth_version
The OAuth version used by the requesting web application. The value should be 1.0.


Connections Cloud supports the following ways to send these parameters:
  • Authorization header of a GET or POST request. Use Authorization: OAuth.
  • Body of a POST request. Make sure that the content type is Content-Type: application/x-www-form-urlencoded.
  • URL query parameters in a GET request.

For information about how to sign a request, refer to the http://oauth.net/core/1.0a" target="external">OAuth 1.0a documentationexternal link.

Response codes

Successful responses return response code 200 with the request token and the request token secret, for example:

oauth_token=fsf89fdssf9sdfsfsf0fdsfsf&oauth_token_secret=dhdsd99000fssfs89


Bad requests return response code 400 and one of the following parameters:
  • oauth_absent_parameters
  • oauth_duplicated_parameters
  • oauth_unsupported_parameters
  • oauth_invalid_parameters
  • oauth_unsupported_signature_method
Unauthorized requests return response code 401 and one of the following parameters:
  • oauth_invalid_signature
  • oauth_invalid_consumerkey
  • oauth_invalid_consumersecret
Parent topic: OAuth 1.0a APIs for web server flow
Previous topic: Step 1: Register your application
Next topic: Step 3: Obtain authorization