Programmatic Authentication Sample
Last updated on May 17, 2017
All calls to the Platform API must be authenticated with a security token, which you can retrieve through the OpenX OAuth Server located at https://sso.openx.com. You can then include the token in subsequent API calls.
The following sample OAuth session log shows successfully signed OAuth requests using the following calls:
1. POST /api/index/initiate: Request an Unauthorized Request Token
2. POST /login/process: Authorize the User
3. POST /api/index/token: Request an Access Token
In the final call to sso.openx.com/api/index/token, the oauth_token value in the response is the value used for the openx3_access_token cookie for API requests.
1. Requesting an Unauthorized Request Token
The following sample shows the values for the header fields. You could send these values from the command line with curl, but your client application will most likely send them from your preferred language (PHP, Python, Ruby on Rails, etc.).
The following are request and response samples for POST /api/index/initiate.
Request
> POST /api/index/initiate HTTP/1.1
> Accept-Encoding: identity
> Content-Length: 0
> Host: sso.openx.com
> User-Agent: Python-urllib/2.7
> Connection: close
> Content-Type: application/x-www-form-urlencoded
> Authorization: OAuth realm="", oauth_nonce="5318660", oauth_timestamp="1387318515",
oauth_consumer_key="3bb1...ae5", oauth_signature_method="HMAC-SHA1", oauth_version="1.0",
oauth_signature="O33SvRJBlBsrVglailYYPutCmGI%3D", oauth_callback="oob"
Response
< HTTP/1.1 200 OK
< Date: Tue, 17 Dec 2015 22:15:15 GMT
< Server: Apache/2.2.3 (CentOS)
< X-Powered-By: PHP/5.3.24
< Set-Cookie: PHPSESSID=e735c37c5cl9778j1on41v6rj5; path=/; secure; HttpOnly
< Expires: Fri, 17 Jan 2016 22:15:15 GMT
< Cache-Control: private; must-revalidate
< Pragma: no-cache
< Content-Length: 327
< Connection: close
< Content-Type: application/x-www-form-urlencoded
<
< oauth_token=944b...ccf3&oauth_token_secret=8111...03f&oauth_callback_confirmed=true
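How the oauth_signature value in the request above can be produced, as an added example that is not OpenX's own code: it applies the standard OAuth 1.0 HMAC-SHA1 signing rules from RFC 5849 and assumes the signed URL is https://sso.openx.com/api/index/initiate. The consumer key and secret are constructed placeholders, and all function names are hypothetical.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote, parse_qsl

def pct(value):
    """RFC 5849 section 3.6 percent-encoding: only unreserved characters stay literal."""
    return quote(str(value), safe="-._~")

def base_string(method, url, params):
    """Signature base string: METHOD & encoded URL & encoded, sorted parameters."""
    pairs = sorted((pct(k), pct(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), pct(url), pct(normalized)])

def sign(method, url, params, consumer_secret, token_secret=""):
    """HMAC-SHA1 keyed with consumer_secret&token_secret (token secret is empty in step 1)."""
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    digest = hmac.new(key, base_string(method, url, params).encode(), hashlib.sha1).digest()
    return base64.b64encode(digest).decode()

def authorization_header(params, signature):
    """Build the Authorization header in the shape shown in the session log (realm is not signed)."""
    fields = dict(params, oauth_signature=signature)
    body = ", ".join(f'{k}="{pct(v)}"' for k, v in fields.items())
    return f'OAuth realm="", {body}'

def parse_token_response(body):
    """Parse the form-encoded body returned by /api/index/initiate and /api/index/token."""
    return dict(parse_qsl(body, strict_parsing=True))

# Constructed sample values; the real consumer key and secret are issued by OpenX.
CONSUMER_KEY = "example-consumer-key"
CONSUMER_SECRET = "example-consumer-secret"
INITIATE_URL = "https://sso.openx.com/api/index/initiate"  # assumed full URL for step 1

def initiate_params(nonce, timestamp):
    return {
        "oauth_nonce": nonce,
        "oauth_timestamp": timestamp,
        "oauth_consumer_key": CONSUMER_KEY,
        "oauth_signature_method": "HMAC-SHA1",
        "oauth_version": "1.0",
        "oauth_callback": "oob",
    }

if __name__ == "__main__":
    p = initiate_params("5318660", "1387318515")
    print(authorization_header(p, sign("POST", INITIATE_URL, p, CONSUMER_SECRET)))
```

Under the same RFC 5849 rules, the step 3 request adds oauth_token and oauth_verifier to the parameters and passes the oauth_token_secret from the initiate response as token_secret.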
2. Authorizing the User
The following are request and response samples for POST /login/process.
Request
> POST /login/process HTTP/1.1
> Accept-Encoding: identity
> Content-Length: 211
> Connection: close
> User-Agent: Python-urllib/2.7
> Host: sso.openx.com
> Cookie: PHPSESSID=e735c37c5cl9778j1on41v6rj5
> Content-Type: application/x-www-form-urlencoded
> Authorization: OAuth realm="", oauth_nonce="62082529", oauth_timestamp="1387318515",
oauth_consumer_key="3bb1...ae5", oauth_signature_method="HMAC-SHA1", oauth_version="1.0",
oauth_token="944b...ccf3", oauth_signature="QTp3PJmWeXVzWQCf%2FmDZJcRxX1Y%3D", oauth_callback="oob"
>
> password=Testing123&oauth_token=944b...ccf3&email=test_account_google@openx.com
Response
< HTTP/1.1 200 OK
< Date: Tue, 17 Dec 2015 22:15:15 GMT
< Server: Apache/2.2.3 (CentOS)
< X-Powered-By: PHP/5.3.24
< Expires: Fri, 17 Jan 2016 22:15:15 GMT
< Cache-Control: private; must-revalidate
< Pragma: no-cache
< Content-Length: 179
< Connection: close
< Content-Type: text/html; charset=UTF-8
<
< oob?oauth_token=944b...ccf3&oauth_verifier=fb6f21ce8e
3. Requesting an Access Token
The following are request and response samples for POST /api/index/token.
Request
> POST /api/index/token HTTP/1.1
> Accept-Encoding: identity
> Content-Length: 0
> Connection: close
> User-Agent: Python-urllib/2.7
> Host: sso.openx.com
> Cookie: PHPSESSID=e735c37c5cl9778j1on41v6rj5
> Content-Type: application/x-www-form-urlencoded
> Authorization: OAuth realm="", oauth_nonce="93393548", oauth_timestamp="1387318516",
oauth_signature_method="HMAC-SHA1", oauth_consumer_key="3bb1...ae5", oauth_verifier="fb6f21ce8e",
oauth_version="1.0", oauth_token="944b...ccf3", oauth_signature="QjBqYFGhCtp6vmtqDsxXElB8Mh8%3D", oauth_callback="oob"
Response
< HTTP/1.1 200 OK
< Date: Tue, 17 Dec 2015 22:15:16 GMT
< Server: Apache/2.2.3 (CentOS)
< X-Powered-By: PHP/5.3.24
< Expires: Fri, 17 Jan 2016 22:15:16 GMT
< Cache-Control: private; must-revalidate
< Pragma: no-cache
< Content-Length: 334
< Connection: close
< Content-Type: application/x-www-form-urlencoded
< oauth_token=7e1a...ccf4&oauth_token_secret=dc5d...43ad&email=test_account_google@openx.com
Access is granted. The final oauth_token above (7e1a...ccf4) becomes the openx3_access_token cookie in your API requests and must be sent every time.
4. Accessing Protected Resources with the Access Token
The following syntax and example show how to access protected resources with the access token.
Syntax
curl -X GET http://<openx_server_name>/ox/4.0/account/<account_uid> \
  --cookie "openx3_access_token=token_string"
Example
curl -X GET http://openx_myserver.com/ox/4.0/account/879546 \
  --cookie "openx3_access_token=e735c37c5cl...9778j1on41v6rj5"