
Authentication and Authorization

Rafael Chacon edited this page Feb 22, 2012 · 1 revision

The Piictu API uses OAuth 2.0 (draft 10: http://tools.ietf.org/html/draft-ietf-oauth-v2-10) for client authorization.

To use the Piictu API, a client has to be registered with Piictu's OAuth server.

Piictu supplies each registered client with two values: client_id and client_secret.

To use the API on behalf of a user, the client must request an access token. It does so by sending a request to http://public-api.piictu.com/oauth/access_token with the following parameters:

  • client_id
  • client_secret
  • username
  • password
  • grant_type = "password"

A sample access token request using curl looks like:

curl -i http://public-api.piictu.com/oauth/access_token \
-F grant_type=password \
-F client_id=xxxxxxxxxxxxxxxxxx \
-F client_secret=xxxxxxxxxxxxxxxxxxxxxxxxxxxxx \
-F username=fede \
-F password=tomato

The response to a successful request is a JSON document containing the access token and information about the user:

{
  "access_token": "90197bad499dee9438f8513153e6ee2df1a01fcf4cfa1d10775075510b2a24bb",
  "user": {
    "avatar_url": "http://piictu.s3.amazonaws.com/avatars/4df3b43e490fa000010003ff/90x90",
    "bio": "",
    "created_at": "2011-06-11T18:30:22Z",
    "current_sign_in_at": "2012-02-16T04:57:24Z",
    "current_sign_in_ip": "174.6.202.206",
    "followers_count": 4,
    "friends_count": 7,
    "fullname": "Fede Tomato",
    "last_sign_in_at": "2012-02-11T04:26:17Z",
    "last_sign_in_ip": "174.6.202.206",
    "likes_count": 25,
    "original_avatar_url": "http://piictu.s3.amazonaws.com/avatars%2F4df3b43e490fa000010003ff%2Foriginal",
    "photos_count": 25,
    "prev_visited_notification_seq": 13292255051055364,
    "push_tokens": [
      "c68e1352c92aad2f5827a3d22936c3b5ec648937bf77a09170ed43e9cb14ada8",
      "9743713013409ab1657e536b07300fb998cf6bc9c371d164287f9c8ad4beffa1"
    ],
    "replies_count": 2,
    "streams_count": 12,
    "timezone": "PST",
    "updated_at": "2012-02-18T00:31:26Z",
    "username": "fede",
    "id": "4df3b43e490fa000010003ff",
    "services": [
      "twitter",
      "facebook"
    ],
    "email": "fede@piictu.com"
  },
  "scope": "read write"
}

Grab the access token and use it in subsequent API calls on behalf of the user. The access token remains valid until it is deleted from the database.

Sample curl call to get a list of streams:

curl -i http://public-api.piictu.com/v2/streams \
-H "Authorization: OAuth e57807eb99f8c29f60a27a75a80fec6e"
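The same two steps in a small Python client, added here as an example (this is not code from the Piictu project): it performs the password grant against /oauth/access_token, keeps only the token and scope from the response, and sends the token as "OAuth <token>" on the streams call. The client_id and client_secret values are placeholders, and fake_transport is a constructed stand-in for the server so the flow runs offline.

```python
import json
from urllib.parse import parse_qs, urlencode
from urllib.request import Request, urlopen

BASE_URL = "http://public-api.piictu.com"  # endpoint base given on this page (plain http)
SAMPLE_TOKEN = "90197bad499dee9438f8513153e6ee2df1a01fcf4cfa1d10775075510b2a24bb"  # from the page


def parse_token_response(body):
    """Keep only what the client needs; refuse a response without a usable token."""
    doc = json.loads(body)
    token = doc.get("access_token")
    if not isinstance(token, str) or not token:
        raise ValueError("no access_token in response (error=%s)" % doc.get("error"))
    return {"access_token": token, "scope": doc.get("scope", "")}


class PiictuClient:
    def __init__(self, client_id, client_secret, base_url=BASE_URL,
                 transport=lambda req: urlopen(req).read().decode("utf-8")):
        self.client_id, self.client_secret = client_id, client_secret
        self.base_url, self.transport = base_url, transport
        self.access_token = None

    def request_access_token(self, username, password):
        # Password grant: POST the five parameters as a form body to /oauth/access_token.
        form = urlencode({"grant_type": "password", "client_id": self.client_id,
                          "client_secret": self.client_secret,
                          "username": username, "password": password}).encode()
        req = Request(self.base_url + "/oauth/access_token", data=form, method="POST")
        info = parse_token_response(self.transport(req))
        self.access_token = info["access_token"]  # bearer credential: guard it like a password
        return info

    def get(self, path):
        # Authenticated call: the token travels in the Authorization header as "OAuth <token>".
        if not self.access_token:
            raise RuntimeError("request an access token first")
        req = Request(self.base_url + path,
                      headers={"Authorization": "OAuth " + self.access_token})
        return json.loads(self.transport(req))


def fake_transport(req):
    """Constructed offline stand-in for the Piictu server so the flow runs without network."""
    if req.get_method() == "POST" and req.selector == "/oauth/access_token":
        form = parse_qs(req.data.decode())
        if form.get("grant_type") == ["password"] and form.get("password") == ["tomato"]:
            return json.dumps({"access_token": SAMPLE_TOKEN, "scope": "read write"})
        return json.dumps({"error": "invalid_grant"})
    if req.get_header("Authorization") == "OAuth " + SAMPLE_TOKEN:
        return json.dumps([{"id": "stream-1"}])
    return json.dumps({"error": "unauthorized"})
```

Pass a real transport (the default) with the real client_id and client_secret to talk to the live endpoint; with fake_transport a wrong password yields an invalid_grant body and the client raises instead of storing a token.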
