GET /oauth/oauth10/token
Generates an OAuth 1.0a access token using HTTP GET.
Note: there is a corresponding operation that performs the same action using HTTP POST: POST /oauth/oauth10/token. However, we recommend you use the GET operation. For information on why you might choose one or the other, see OAuth Operations: GET or POST?
For a broader picture of how OAuth 1.0a token management works, and how this operation files into the process flow, see OAuth: Using Tokens with OAuth 1.0a.
Authorization Roles/Permissions: Anyone can run this operation.
This topic includes the following sections:
HTTP Method
GET
URL
https://{oauth-provider-url}/oauth/oauth10/token
Sample Request
The example below shows a request for an OAuth 1.0a access token.
Sample Request URL
https://{oauth-provider-url}/oauth/oauth10/token
Sample request headers
Content-Type: application/x-www-form-urlencoded (if POST) Authorization: OAuth oauth_signature="XupDUJuzrHqq2fCGO%2FVDXBZxFsA%3D", scope=Scope1, oauth_version="1.0", oauth_nonce="2367428168", oauth_signature_method="HMAC-SHA1", oauth_consumer_key="acmepaymentscorp-3rCEQzwEHMT9PPvuXcClpe3v", oauth_token="45c8npv52e48", oauth_verifier="z1CcnUbEVbQQvY635MG2svirqVDJaXsI3GUEQQ", oauth_timestamp="1444076361"
Sample request body
Not applicable.
Request Headers
For general information on request header values, refer to HTTP Request Headers.
| Header | Description |
|---|---|
| Accept | Any Accept header value that supports a response Content-Type of text/plain is valid; for example, */*. |
| Authorization | The Authorization request header, which includes the request parameters shown below. |
Request Parameters
| Header | Description |
|---|---|
| oauth_token | The temporary token (request token) received from the OAuth server. |
| oauth_consumer_key | The client identifier. |
| oauth_signature_method | The signature method. For valid values, see OAuth Signature Method (1.0a) values. |
| realm | The domain name for the OAuth provider. For more information, see http://tools.ietf.org/html/rfc2617#section-1.2. |
| oauth_nonce | The random nonce value. The nonce value must be unique across all requests with the same timestamp, client credentials, and token combinations. |
| oauth_timestamp | The timestamp value. Must be a positive integer. The timestamp is expressed in the number of seconds since January 1, 1970 00:00:00 GMT. |
| oauth_verifier | The verification code received from the OAuth server in the authorization step. |
| oauth_signature |
The signature base string: a consistent, reproducible concatenation of several of the HTTP request elements into a single string. The string is used as an input to the signature method. The signature base string includes the following components of the HTTP request:
The signature base string does not cover the entire HTTP request. Most important, it does not include the entity-body in most requests, nor does it include most HTTP entity-headers. It is important to note that the server cannot verify the authenticity of the excluded request components without using additional protections such as SSL/TLS or other methods. |
Response
If successful, this operation returns HTTP status code 200, with the token identifier and shared secret.
Sample Response
The sample response below shows successful completion of this operation.
Sample response headers
Content-Type: text/plain
Sample response body
oauth_token=45c8npv52e48&oauth_token_secret=7mJHAhdVzzsHfBhgmtM1gMs-kATLTSm-XabEjg
Response Headers
For general information on response header values, refer to HTTP Response Headers.
| Header | Description |
|---|---|
| Content-Type | text/plain |
Response Body
| Header | Description |
|---|---|
| oauth_token | The token identifier. |
| oauth_token_secret | The token shared secret value. |
Error Codes/Messages
If the call is unsuccessful an error code/message is returned. One or more examples of possible errors for this operation are shown below.
| Item | Value |
|---|---|
| 500 | An error occurred processing the call. |
More information about Akana OAuth API error messages.
