GET /oauth/oauth10/token

Generates an OAuth 1.0a access token using HTTP GET.

Note: there is a corresponding operation that performs the same action using HTTP POST: POST /oauth/oauth10/token. However, we recommend you use the GET operation. For information on why you might choose one or the other, see OAuth Operations: GET or POST?

For a broader picture of how OAuth 1.0a token management works, and how this operation files into the process flow, see OAuth: Using Tokens with OAuth 1.0a.

Authorization Roles/Permissions: Anyone can run this operation.

This topic includes the following sections:

HTTP Method




Sample Request

The example below shows a request for an OAuth 1.0a access token.

Sample Request URL


Sample request headers

Content-Type: application/x-www-form-urlencoded (if POST)
Authorization: OAuth 

Sample request body

Not applicable.

Request Headers

For general information on request header values, refer to HTTP Request Headers.

Header Description
Accept Any Accept header value that supports a response Content-Type of text/plain is valid; for example, */*.
Authorization The Authorization request header, which includes the request parameters shown below.

Request Parameters

Header Description
oauth_token The temporary token (request token) received from the OAuth server.
oauth_consumer_key The client identifier.
oauth_signature_method The signature method. For valid values, see OAuth Signature Method (1.0a) values.
realm The domain name for the OAuth provider. For more information, see
oauth_nonce The random nonce value. The nonce value must be unique across all requests with the same timestamp, client credentials, and token combinations.
oauth_timestamp The timestamp value. Must be a positive integer. The timestamp is expressed in the number of seconds since January 1, 1970 00:00:00 GMT.
oauth_verifier The verification code received from the OAuth server in the authorization step.

The signature base string: a consistent, reproducible concatenation of several of the HTTP request elements into a single string. The string is used as an input to the signature method.

The signature base string includes the following components of the HTTP request:

  • The HTTP request method (GET or POST).
  • The authority, as declared by the HTTP host field in the request header.
  • The path and query components of the request resource URI.
  • The protocol parameters, excluding the oauth_signature.

The signature base string does not cover the entire HTTP request. Most important, it does not include the entity-body in most requests, nor does it include most HTTP entity-headers. It is important to note that the server cannot verify the authenticity of the excluded request components without using additional protections such as SSL/TLS or other methods.


If successful, this operation returns HTTP status code 200, with the token identifier and shared secret.

Sample Response

The sample response below shows successful completion of this operation.

Sample response headers

Content-Type: text/plain

Sample response body


Response Headers

For general information on response header values, refer to HTTP Response Headers.

Header Description
Content-Type text/plain

Response Body

Header Description
oauth_token The token identifier.
oauth_token_secret The token shared secret value.

Error Codes/Messages

If the call is unsuccessful an error code/message is returned. One or more examples of possible errors for this operation are shown below.

Item Value
500 An error occurred processing the call.

More information about Akana OAuth API error messages.