How to call the API using OAuth 1.0?

Question

I'm having a bad time calling the API after successfully retrieving the user's access_token and his secret_token, like so:

{ 
    oauth_token: '4xxxxxxxx-asdasdasd......',
    oauth_token_secret: 'XXX........',
    user_id: '4xxxxxxxx' 
}

I retrieved those in a user sign-in in behalf of my application. For example, like Twitter sign-in implementation.

Now for retrieving data from an API I am not sure about the specification for OAuth 1.0, but I know in OAuth 2.0 you can simply use 'Authorization: Bearer ' . $accessToken in the header. Is OAuth 1.0 requires generating another signature for each API call?

I Have searched in this matter and did not found a clear solution. Thanks before

Which language are you using? Are you working with a specific library? — Terence Eden, Sep 01 '15 at 12:31
I have written all the implementation for getting an oauth_token and oauth_token_secret (and user_id) behalf on my application (finished step 3 from here: https://dev.twitter.com/web/sign-in/implementing ). — Alon Weissfeld, Sep 01 '15 at 13:19
Alon, you need to show us your code so that we can see what's happening. — Terence Eden, Sep 01 '15 at 14:24

simo · Answer 1 · 2015-09-01T15:00:13.067

4

Generally for OAuth1.0 the Authorization header is sent with a value of OAuth and a bunch of fields. There is a spec about it, and also a signature is generated and added to that string, but you don't have to do that yourself.

You can use the request module. For example here is how you can get the user's profile for Twitter:

request.get('https://api.twitter.com/1.1/users/show.json', {
  oauth:{
    consumer_key:'...',
    consumer_secret:'...',
    token:'...',
    token_secret:'...'
  },
  qs:{user_id:'...'} // or screen_name
}, function (err, res, body) {})

You can use the above code with any OAuth1.0 provider. All you need to pass is your application and user credentials. In very rare cases you might need to pass additional options (check out the oauth signing section).

edited Sep 01 '15 at 15:00

answered Sep 01 '15 at 14:25

simo

15,078
7
45
59

Thanks, but I'm using Twitter Ads-API which is not working with Application-only authentication (as in your answer). I have already managed to generate my own signature and authorize requests for end points like 'POST oauth / access_token'. But when I'm trying to use the user token to call from the API I fail. – Alon Weissfeld Sep 01 '15 at 14:42
Wait, I'm not talking about the authorization flow, I'm showing you how to make correct request after you get the user's credentials. You can use [Grant](https://github.com/simov/grant) if you have to use a server flow to authorize accounts. – simo Sep 01 '15 at 14:53
Using the oauth in the request module gives me 'The client application making this request does not have access to this API' - correct me if I'm wrong - means this is an implementation for application-only. I'm having a user signed in and then trying to use his credentials to check, for example, his twitter ads campaigns. I am failing to build the authorization header with the user credentials for that kind of request, and there is no documentation about so. I prefer to use my own code ( although Grant looks awesome! ). Any thoughts? – Alon Weissfeld Sep 01 '15 at 15:28
Did you enabled your app to use the Ads API [here](https://dev.twitter.com/form/ads-api-access-developer)? Also as mentioned in the docs - you **should** use a library that implements the OAuth business, Twitter is fully compliant with the spec. – simo Sep 01 '15 at 16:46
I managed to make an api request on the REST API. When using an ads-api request, such as 'GET accounts/:account_id/campaigns' I get an error: "The client application making this request does not have access to this API". I did fill up my form with my app ID at the link you sent. Am I missing some implementation? Also, my confirmation for the Ads API App isn't mentioned anywhere, nor in my apps page (https://apps.twitter.com/). What am I missing? – Alon Weissfeld Sep 02 '15 at 10:03
I haven't tried that myself, but the error message states exactly that - your OAuth app doesn't have access to that API, and that have nothing to do with OAuth itself. Try using the Sandbox API instead `https://ads-api-sandbox.twitter.com`. Also your question is vague and misleading, you have a better chance getting help if you open up another question with correct title, and containing all of the relevant information. You don't have problem with OAuth, but with specific configuration of the Twitter's Ads API. – simo Sep 02 '15 at 10:49
Ok thank you. Posted a new question: http://stackoverflow.com/questions/32351969/how-to-get-access-to-twitter-ads-api – Alon Weissfeld Sep 02 '15 at 11:31
how can we do it same example with got npm module, – Vinay Kumar Sep 01 '20 at 13:40

How to call the API using OAuth 1.0?

1 Answers1

Linked