I have a spec for a project that accesses a third party remote API RESTfully and requires OAuth. The spec includes the following text:
Access to the API requires the use of the OAuth protocol. A
per-organisation shared secret / access key combination prevents
access from unauthorised parties. Because the service endpoint
identifies the organisation, no other parameters are expected to be
passed in the OAuth header that encapsulates the REST request.
Of this, I don’t fully understand the following:
Because the service endpoint
identifies the organisation, no other parameters are expected to be
passed in the OAuth header that encapsulates the REST request.
oauth_* parameters can be passed either in the Authorization header or as URL params. I read that quote as meaning if you pass the oauth_* values in the Authorization header, don’t include other values in the header.
OAuth params as a header:
OAuth params in the URL:
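
The two placements described above, as an added example that is not part of the original answer or the spec: it signs one request with only the per-organisation key and secret (no token) and emits the same oauth_* set either as an Authorization header or as URL parameters. It assumes OAuth 1.0 (RFC 5849) with HMAC-SHA1; the endpoint, key, secret, nonce and function names are constructed placeholders.

```python
import base64, hashlib, hmac
from urllib.parse import parse_qsl, quote, urlsplit

def pct(value):
    # RFC 5849 section 3.6 encoding: only unreserved characters stay literal.
    return quote(str(value), safe="-._~")

def sign(method, url, consumer_key, consumer_secret, nonce, timestamp):
    """Return the complete oauth_* parameter set, including oauth_signature."""
    parts = urlsplit(url)
    oauth = {
        "oauth_consumer_key": consumer_key,
        "oauth_nonce": nonce,
        "oauth_signature_method": "HMAC-SHA1",
        "oauth_timestamp": str(timestamp),
        "oauth_version": "1.0",
    }
    # The signature covers the request's own query parameters plus oauth_*,
    # percent-encoded and then sorted.
    params = parse_qsl(parts.query, keep_blank_values=True) + list(oauth.items())
    normalized = "&".join(
        f"{k}={v}" for k, v in sorted((pct(k), pct(v)) for k, v in params))
    # Simplification: default ports (:80, :443) are not stripped here.
    base_uri = f"{parts.scheme.lower()}://{parts.netloc.lower()}{parts.path}"
    base_string = "&".join([method.upper(), pct(base_uri), pct(normalized)])
    key = f"{pct(consumer_secret)}&"  # empty token secret: no user token involved
    digest = hmac.new(key.encode(), base_string.encode(), hashlib.sha1).digest()
    oauth["oauth_signature"] = base64.b64encode(digest).decode()
    return oauth

def as_header(oauth):
    # Placement 1: the Authorization header carries the oauth_* values only.
    pairs = ", ".join(f'{pct(k)}="{pct(v)}"' for k, v in sorted(oauth.items()))
    return "OAuth " + pairs

def as_url(url, oauth):
    # Placement 2: the same values appended to the query string.
    sep = "&" if urlsplit(url).query else "?"
    return url + sep + "&".join(
        f"{pct(k)}={pct(v)}" for k, v in sorted(oauth.items()))

if __name__ == "__main__":
    # Constructed sample values; the organisation is identified by the URL path.
    url = "https://api.example.com/orgs/acme/items?status=open"
    signed = sign("GET", url, "example-key", "example-secret", "abc123", 1700000000)
    print("Authorization:", as_header(signed))
    print(as_url(url, signed))
```

The server recomputes the signature from the request it receives, so the nonce and timestamp must be fresh per request in real use.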