Hoping someone can help me out here. I’m using Google Contacts API to fetch a list of contacts. To my understanding, this is done by sending a GET request:
However, this is wildly insecure as any intruder can gain access to the oauth_token in the URL. To combat this, I’m trying to send this as a POST request with my parameters (alt, max-results, oauth_token) as the data. However, I simply get an error that “Authorization is required”. I’ve tried adding “Authorization: OAuth” to my headers but to no avail (get an error that authorization type is not recognized).
Any advice? I need a secure way to send the oauth token to Google such that my security software won’t complain about a security hole in my program …
Thanks!
To answer your question directly, even though security is irrelevant as you are using
HTTPS, you cannotPOSTto Google to get a list of contacts. Google requires you use Get.The proper formatting for authorization (Because you can still use a
Getand not pass the oauth_token as a query string is to use an HTTP Header formatted:Using OAuth 2.0 to Access Google APIs