Where should you start?

Explore our catalogue or learn about our streaming API documentation, jump to our API usage and brand guidelines or check the full Open API Terms & Conditions

Like what you see?

SIGN UP TO OUR API

OAuth guide

Obtaining an access token - a step-by-step guide

To generate an access token you will be using our OAuth Authentication API.

The steps involved are as follows:

1. Obtain a request token by making a signed POST to

http://api.7digital.com/1.2/oauth/requesttoken

e.g.:
curl -X POST 'https://api.7digital.com/1.2/oauth/requesttoken' -d 'oauth_consumer_key=YOUR_KEY_HERE&oauth_nonce=950262835&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1426071532&oauth_version=1.0&oauth_signature=qX5UNhYyuqZVx%2BZOXHQbWMpuKvE%3D'

2. Decode the response content (it is URL encoded) and extract the request token (oauth_token) and request token secret (oauth_token_secret), e.g.:

oauth_token=ABC1XYZ&oauth_token_secret=oGBr7s1xQ0OBk6L1fddTCQ%3d%3d

=>
request token: ABC1XYZ
request token secret: oGBr7s1xQ0OBk6L1fddTCQ==

3. Send the user to our micro service site to authorise the request token, e.g.:

 https://account.7digital.com/YOUR_KEY_HERE/oauth/authorise?oauth_token=ABC1XYZ&oauth_callback=http%3A%2F%2Fexample.com%2F

The user will be shown a login page, where they create a 7digital account or sign in to their existing account, and then authorise your application.

The oauth_callback parameter specifies your URL that the user will be returned to once they have authenticated the request token (or when authentication fails).

When the user is redirected to the callback URL, the query string will contain two extra parameters - the request token and the status of the token authorisation. The status will have the value ‘Authorized’ if the request token was authorised by the user, e.g.:

HTTP/1.1 302 FoundLocation: http://example.com/?oauth_token=ABC1XYZ&status=Authorised

4. Exchange the request token for an access token by making a signed POST to
http://api.7digital.com/1.2/oauth/accesstoken
using the request token and request token secret to sign the request.

e.g.:
curl -X POST 'https://api.7digital.com/1.2/oauth/accesstoken' -d
'oauth_consumer_key=YOUR_KEY_HERE&oauth_nonce=392543666&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1409741291&oauth_token=ABC1XYZ&oauth_version=1.0&oauth_signature=NdtITy3YGNOhf6xm5JfPfDWKRSQ%3D'

 5. Decode the response content (it is URL encoded) and extract the access token (oauth_token) and access token secret (oauth_token_secret), e.g.:

 oauth_token=OkG6sd_eIkem6RgdZklyBQ&oauth_token_secret=WOq-Ek4sdUmPlN6umrroFQ

=>
access token: OkG6sd_eIkem6RgdZklyBQ
access token secret: WOq-Ek4sdUmPlN6umrroFQ

There you have it - an access token and a secret you can use in requests to endpoints that require an OAuth access token.

If you still have any questions, concerns, or need some friendly help, please feel free to raise them on our 7digital API Developers Community and someone will get back to you shortly!