POST /oauth/oauth10/initiate

Generates a request to the OAuth Provider for an OAuth 1.0a token, using HTTP POST.

The client obtains a set of temporary credentials from the server by making an authenticated HTTP (GET/POST) request to the Temporary Credential Request endpoint.

This is a standard OAuth operation per the OAuth 1.0a specification. See section 1.2: http://tools.ietf.org/html/rfc5849#section-1.2. This section of the specification includes details about the request and response messages.

Note: there is a corresponding operation that performs the same action using HTTP GET: GET /oauth/oauth10/initiate. However, we recommend using POST. For information on why you might choose one or the other, see OAuth Operations: GET or POST?

For a broader picture of how OAuth 1.0a token management works, and how this operation files into the process flow, see OAuth: Using Tokens with OAuth 1.0a.

Authorization Roles/Permissions: Anyone can run this operation.

This topic includes the following sections:

HTTP Method
URL
Sample Request
Request Headers
Request Parameters

Response
Sample Response
Response Headers
Response Body
Error Codes/Messages

HTTP Method

POST

URL

https://{oauth-provider-url}/oauth/oauth10/initiate

Sample Request

The example below shows a request for an OAuth 1.0a access token.

Sample Request URL

https://{oauth-provider-url}/oauth/oauth10/initiate

Sample request headers

POST /oauth/oauth10/initiate HTTP/1.1
Authorization: OAuth oauth_callback="http%3A%2F%2Facmepaymentscorp.com%3A9900%2Fui%2Fapps%2F2Facmepaymentscorp
%2F_VWQJeFH76RyfD6M6FRO5Svg%2Fresources%2Fconsole%2Fglobal%2Foauthclientredirect.html%3Fdynamic%3Dtrue",
oauth_signature="%2BevIePaQ4Pe%2F7i5NH42xVdbh5sQ%3D",scope=Scope1,oauth_version="1.0",oauth_nonce="3362968745",
oauth_signature_method="HMAC-SHA1",oauth_consumer_key="2Facmepaymentscorp-3rCEQzwEHMT9PPvuXcClpe3v",
oauth_timestamp="1444076352"
Content-Type: application/x-www-form-urlencoded
Host: {hostname}

Sample request body

None. The information is sent in the Authorization header.

Request Headers

For general information on request header values, refer to HTTP Request Headers.

Header	Description
Accept	Any Accept header value that supports a response Content-Type of text/plain is valid; for example, */*.
Content-Type	application/x-www-form-urlencoded
Authorization	The Authorization request header authenticates the client with the server. Values: oauth_callback: The URI to which the server will redirect the resource owner when authorization is complete. oauth_signature: A unique value calculated by the client using client secret and token secret values. For details, refer to the section of the specification: http://tools.ietf.org/html/rfc5849#section-3.4. scope: A parameter unique to the platform, indicating a platform scope that the request applies to. oauth_version: An optional parameter which, if present, must be set to 1.0. oauth_nonce: The unique nonce value for the request. oauth_signature_method: The name of the signature method used to sign the request. For valid values, see OAuth Signature Method (1.0a) values. oauth_timestamp: Timestamp for the request. May be omitted for PLAINTEXT signature method.

Header

Description

Any Accept header value that supports a response Content-Type of text/plain is valid; for example, */*.

Content-Type

application/x-www-form-urlencoded

Authorization

The Authorization request header authenticates the client with the server. Values:

oauth_callback: The URI to which the server will redirect the resource owner when authorization is complete.
oauth_signature: A unique value calculated by the client using client secret and token secret values. For details, refer to the section of the specification: http://tools.ietf.org/html/rfc5849#section-3.4.
scope: A parameter unique to the platform, indicating a platform scope that the request applies to.
oauth_version: An optional parameter which, if present, must be set to 1.0.
oauth_nonce: The unique nonce value for the request.
oauth_signature_method: The name of the signature method used to sign the request. For valid values, see OAuth Signature Method (1.0a) values.
oauth_timestamp: Timestamp for the request. May be omitted for PLAINTEXT signature method.

Request Parameters

None.

Response

If successful, this operation returns HTTP status code 200, with the token information.

Sample Response

The sample response below shows successful completion of this operation.

Sample response headers

HTTP/1.1 200 OK
Content-Type: application/octet-stream
Expires: Mon, 05 Oct 2015 15:19:12 GMT

Sample response body

oauth_token=45c8npv52e48&oauth_token_secret=L7oLlPhVEL0Gs0QQldoMFctFK_nQkBq7FOiOF99Ix_s&oauth_callback_confirmed=true

Response Headers

For general information on response header values, refer to HTTP Response Headers.

Header	Description
Content-Type	text/plain

Response Body

The response body is per the OAuth 1.0a specification. See section 1.2: http://tools.ietf.org/html/rfc5849#section-1.2

Name	Type	Description
oauth_token	String	The temporary credentials identifier.
oauth_token_secret	String	The temporary credentials shared secret value.
oauth_callback_confirmed	Boolean	For a successful response, the value is always true.

Error Codes/Messages

If the call is unsuccessful an error code/message is returned. One or more examples of possible errors for this operation are shown below.

Item	Value
500	An error occurred processing the call.

More information about Akana OAuth API error messages.