Authentication

Authenticating with OAuth


How to login a user from your website or application

1. Acquire an Unauthorized Request Token and Token Secret

The first step to logging in a user is to acquire a request token and token secret. To do this, send a request with the following OAuth parameters to identify yourself. OpenCaching.com will respond with a Request Token to be used in the next step.

HTTP POST (You will make this call in the background): http://www.opencaching.com/api/oauth/requestToken

Request Parameters:

Response Includes:


2. User Authorization of Request Token

Once you have a request token, you need to send the user to the OpenCaching.com site so they can sign in. This step occurs on the OpenCaching.com site so the user can enter their login credentials on OpenCaching.com instead of providing them to a third-party. Once the user has logged in, they will be redirected to the Callback URL you provided us when signing up. The response will include the Request Token that has been authorized with the user’s account

HTTP GET (You will redirect the user’s browser to this URL): http://www.opencaching.com/api/oauth/authorize

Request Parameters:

Response Includes:

3. Acquire an Access Token and Token Secret

Now that the user has authorized the Request Token it can be exchanged for an Access Token. To do this you send the Authorized Request Token and we will reply with the Access Token and Access Token Secret. This Access Token and Secret are used to make logged in API calls for the authenticated user.

HTTP POST (You will make this call in the background): http://www.opencaching.com/api/oauth/accessToken

Request Parameters:

Response Includes:


How to make a request for a user that is logged in

Access Protected Resources

You are fully authenticated now. To make a logged in request, include the OAuth information in the Authorization header or Authorization parameter. The Authorization header must include the parameters listed below.

The signature is generated from all the OAuth parameters and Request parameters using the Consumer Secret and Access Token Secret as the seed. See Signing Requests for a full walkthrough on signing a request. If you are using a library this should be done for you.

OAuth Header:

Additional Resources