Home/ Questions/Q 6966401
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-27T16:11:12+00:00

We’re trying to connect with another company’s custom API which uses two-legged OAuth to

  • 0

We’re trying to connect with another company’s custom API which uses two-legged OAuth to authenticate a request and send us a response.

At the moment the code we have is sending a request but it’s not being authenticated at the other end and so sending a UNAUTHORISED response.

The steps we have investigated so far:

  • Connected to the remote site using an OAuth implementation in python using the same credentials.
  • Asked the other company to compare our OAuth request with another that succeeds to see if there is a anything missing in ours.

After the second point above, the only difference between our request and another working request is that the oauth_token parameter is present in our request and not in others. Furthermore, he said they have an oauth_body_hash_value in most of their requests but that’s not present in ours – although they do get working requests without it.

Is there a way to remove the oauth_token parameter in Scribe? Alternatively, is the oauth_body_hash_value always needed? Can a request work without?

I’ve included the code below, I am completely new to OAuth so please feel free to tell me if there’s something else that’s wrong.

Note that the TestAPI.class extends DefaultAPI10a and just returns “” for all three required methods.

public class TestImporter {

  private static final String REQ_URL   = "http://test.com/";

  private static final String KEY         = "KEY";
  private static final String SECRET      = "SECRET";

  // test variables
  private static final String VAR1        = "Test123";

  public static void main(String[] args) {

    OAuthService service = new ServiceBuilder()
                               .provider(TestAPI.class)
                               .apiKey(KEY)
                               .apiSecret(SECRET)
                               .build();
    Token token = new Token("", "");
    OAuthRequest request = new OAuthRequest(Verb.GET, REQ_URL + VAR1 + "/");
    service.signRequest(token, request);
    Response response = request.send();
    System.out.println(response.getBody());

  }

}
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    It turns out that when we thought we were sending a fully formed HTTP GET request, we weren’t.

    The library was adding all of the information to the header (where we were getting our information from), but not adding any oauth information to the request Url. I can only assume it’s to do with us using two-legged authorisation (hence the empty Token).

    By copying the map of oAuthParameters into queryStringParameters, it then allowed the Url to be formed correctly.

    • 0