You are here: Developers > OpenX Platform API > Authentication reference > Programmatic sample

Programmatic Authentication Sample

Last updated on May 17, 2017

All calls to the Platform API must be authenticated with a security token, which you can retrieve through the OpenX OAuth Server located at https://sso.openx.com. You can then include the token in subsequent API calls.

The following sample OAuth session log shows successfully signed OAuth requests using the following calls:

  • Step 1 - POST /api/index/initiate

  • Step 2 - POST /login/process

  • Step 3 - POST /api/index/token

In the final call to sso.openx.com/api/index/token, the oauth_token value in the response is the value used for the openx3_access_token cookie for API requests.

Step 1 - Request an unauthorized request token

The following sample shows the values for the header fields. To send these values on a command line, you could use curl but your client application will most likely transfer these values using your preferred language (PHP, Python, Ruby on Rails, etc.)

Request: POST /api/index/initiate


> POST /api/index/initiate HTTP/1.1
> Accept-Encoding: identity
> Content-Length: 0
> Host: sso.openx.com
> User-Agent: Python-urllib/2.7
> Connection: close
> Content-Type: application/x-www-form-urlencoded
> Authorization: OAuth realm="", oauth_nonce="5318660", oauth_timestamp="1387318515", 
  oauth_consumer_key="3bb1...ae5", oauth_signature_method="HMAC-SHA1", oauth_version="1.0", 
  oauth_signature="O33SvRJBlBsrVglailYYPutCmGI%3D", oauth_callback="oob"

Response to POST /api/index/initiate


< HTTP/1.1 200 OK
< Date: Tue, 17 Dec 2015 22:15:15 GMT
< Server: Apache/2.2.3 (CentOS)
< X-Powered-By: PHP/5.3.24
< Set-Cookie: PHPSESSID=e735c37c5cl9778j1on41v6rj5; path=/; secure; HttpOnly
< Expires: Fri, 17 Jan 2016 22:15:15 GMT
< Cache-Control: private; must-revalidate
< Pragma: no-cache
< Content-Length: 327
< Connection: close
< Content-Type: application/x-www-form-urlencoded
<
< oauth_token=944b...ccf3&oauth_token_secret=8111...03f&oauth_callback_confirmed=true

Step 2 - Authorize User

Request: POST /login/process


> POST /login/process HTTP/1.1
> Accept-Encoding: identity
> Content-Length: 211
> Connection: close
> User-Agent: Python-urllib/2.7
> Host: sso.openx.com
> Cookie: PHPSESSID=e735c37c5cl9778j1on41v6rj5
> Content-Type: application/x-www-form-urlencoded
> Authorization: OAuth realm="", oauth_nonce="62082529", oauth_timestamp="1387318515", 
  oauth_consumer_key="3bb1Öae5", oauth_signature_method="HMAC-SHA1", oauth_version="1.0", 
  oauth_token="944b...ccf3", oauth_signature="QTp3PJmWeXVzWQCf%2FmDZJcRxX1Y%3D", oauth_callback="oob"
>
> password=Testing123&oauth_token=944b...ccf3&email=test_account_google@openx.com

Response to POST /login/process


< HTTP/1.1 200 OK
< Date: Tue, 17 Dec 2015 22:15:15 GMT
< Server: Apache/2.2.3 (CentOS)
< X-Powered-By: PHP/5.3.24
< Expires: Fri, 17 Jan 2016 22:15:15 GMT
< Cache-Control: private; must-revalidate
< Pragma: no-cache
< Content-Length: 179
< Connection: close
< Content-Type: text/html; charset=UTF-8
<
< oob?oauth_token=944b...ccf3&oauth_verifier=fb6f21ce8e

Step 3 - Request an access token

Request: POST /api/index/token


> POST /api/index/token HTTP/1.1
> Accept-Encoding: identity
> Content-Length: 0
> Connection: close
> User-Agent: Python-urllib/2.7
> Host: sso.openx.com
> Cookie: PHPSESSID=e735c37c5cl9778j1on41v6rj5
> Content-Type: application/x-www-form-urlencoded
> Authorization: OAuth realm="", oauth_nonce="93393548", oauth_timestamp="1387318516", 
  oauth_signature_method="HMAC-SHA1", oauth_consumer_key="3bb1Öae5", oauth_verifier="fb6f21ce8e", 
  oauth_version="1.0", oauth_token="944b...ccf3", oauth_signature="QjBqYFGhCtp6vmtqDsxXElB8Mh8%3D", oauth_callback="oob"

Response to POST /api/index/token


< HTTP/1.1 200 OK
< Date: Tue, 17 Dec 2015 22:15:16 GMT
< Server: Apache/2.2.3 (CentOS)
< X-Powered-By: PHP/5.3.24
< Expires: Fri, 17 Jan 2016 22:15:16 GMT
< Cache-Control: private; must-revalidate
< Pragma: no-cache
< Content-Length: 334
< Connection: close
< Content-Type: application/x-www-form-urlencoded
< oauth_token=7e1a...ccf4&oauth_token_secret=dc5d...43ad&email=test_account_google@openx.com

Access is granted and the final oauth_token above (7e1a...ccf4) becomes the openx3_access_token cookie in your API requests and must be sent every time.

Step 4 - Use the access token to access protected resources

Syntax

curl -X GET http://<openx_server_name>/ox/4.0/account/<account_uid> --cookie
        "openx3_access_token=token_string"

Example

curl -X GET http://openx_myserver.com/ox/4.0/account/879546 --cookie
        "openx3_access_token=e735c37c5cl...9778j1on41v6rj5"

Feedback form