The SmartCloud for Social Business Partner Platform mandates that all web-based partner applications make use of OAuth to call SmartCloud for Social Business APIs. If your application is for desktop or mobile use, use Basic Authentication instead of OAuth.
Anyone who creates an application for integration with SmartCloud for Social Business should become familiar with OAuth.
SmartCloud for Social Business currently supports both OAuth 1.0a and 2.0. OAuth 1.0a is the default version. Note that OAuth 2.0 is not backwards compatible with previous versions of OAuth.
For more information, including access to specifications, see the OAuth website
Key components in the OAuth web server flow
During the web server flow, several key players are involved:
Resource owners are users with a SmartCloud for Social Business account who allow external or company applications to access their information on the SmartCloud for Social Business resource server.
The resource server hosts information that belongs to resource owners. After resource owners are authenticated and authorized, the external or company application communicates with the resource server to obtain information.
The application obtains information from the resource server on the behalf of users. The application can be an external (third-party) application or internal company (business partner) application. After resource owners authenticate and grant access to their information, applications can continue to communicate with the resource server without intervention from the user or as long as the access token remains valid.
The authorization server authenticates the resource owner, grants access, and manages tokens to provide applications with access to information on the resource server.
Parent topic: Open Authorization