Step 5: Make the API call
Added by IBM contributorIBM | Edited by IBM contributorAlex Leiskau on February 19, 2015
Rate this article 1 starsRate this article 2 starsRate this article 3 starsRate this article 4 starsRate this article 5 stars

Now that the access token has been generated, the final step is to make the actual API call, as shown in the following image.

Make the API call
When you make the API call to any of the supported IBM Connections Cloud™ APIs, you must send the following parameters:
Table 1. Required parameters
Parameter
Description
oauth_consumer_key
The OAuth consumer key.
oauth_nonce
Random string to avoid replay attack. Because Connections Cloud uses only PLAINTEXT signature method over HTTPS, this parameter is not checked for replay attack. However it is important to specify some value.
oauth_signature_method
This parameter specifies a signature algorithm. Connections Cloud supports only PLAINTEXT.
oauth_signature
You should sign the request by specifying the signature.+
oauth_timestamp
Set the value as an integer that represents the time the request is sent. The timestamp should be expressed in number of seconds after January 1, 1970 00:00:00 GMT. Because Connections Cloud uses only PLAINTEXT signature method over HTTPS, this parameter is not checked for replay attack. However, it is important to specify some value.
oauth_version
The OAuth version used by the requesting web application. The value should be 1.0.



Connections Cloud allows sending these parameters via authorization header of a GET or POST request. Use Authorization: OAuth.

Note: For a list of Connections Cloud protected resources that can be integrated with your application, including APIs for files, activities, communities, and more, see the http://www-10.lotus.com/ldd/appdevwiki.nsf/xpViewCategories.xsp?lookupName=API%20Reference" target="external">API Referenceexternal link in the Social Business Development wiki.

Response codes

When successful, a response code of 200 is returned unless some other success code is specified by the actual API.

Bad requests return response code 400 and one of the following parameters:
  • oauth_absent_parameters
  • oauth_duplicated_parameters
  • oauth_unsupported_parameters
  • oauth_invalid_parameters
  • oauth_unsupported_signature_method
Unauthorized requests return response code 401 and one of the following parameters:
  • oauth_invalid_signature
  • oauth_invalid_consumerkey
  • oauth_invalid_consumersecret
  • oauth_missing_consumersecret
  • oauth_missing_tokensecret
  • oauth_invalid_requesttoken
  • oauth_token_expired
  • oauth_consumer_missing_subscription
Parent topic: OAuth 1.0a APIs for web server flow
Previous topic: Step 4: Get the access token