Link Search Menu Expand Document

PDF

Programmatic Authentication Sample

Platform API

Last updated on May 17, 2017


All calls to the Platform API must be authenticated with a security token, which you can retrieve through the OpenX OAuth Server located at https://sso.openx.com. You can then include the token in subsequent API calls.

The following sample OAuth session log shows successfully signed OAuth requests using the following calls:

  • 1. POST /api/index/initiate]: Request an Unauthorized Request Token
  • 2. POST /login/process]: Authorize the User
  • 3. POST /api/index/token]: Request an Access Token

In the final call to sso.openx.com/api/index/token, the oauth_token value in the response is the value used for the openx3_access_token cookie for API requests.


1. Requesting an Unauthorized Request Token

The following sample shows the values for the header fields. To send these values on a command line, you could use curl but your client application most likely transfers these values using your preferred language (PHP, Python, Ruby on Rails, etc.).

The following are request and response samples for POST /api/index/initiate.

Request

> POST /api/index/initiate HTTP/1.1
> Accept-Encoding: identity
> Content-Length: 0
> Host: sso.openx.com
> User-Agent: Python-urllib/2.7
> Connection: close
> Content-Type: application/x-www-form-urlencoded
> Authorization: OAuth realm="", oauth_nonce="5318660", oauth_timestamp="1387318515",
  oauth_consumer_key="3bb1...ae5", oauth_signature_method="HMAC-SHA1", oauth_version="1.0",
  oauth_signature="O33SvRJBlBsrVglailYYPutCmGI%3D", oauth_callback="oob"

Response

< HTTP/1.1 200 OK
< Date: Tue, 17 Dec 2015 22:15:15 GMT
< Server: Apache/2.2.3 (CentOS)
< X-Powered-By: PHP/5.3.24
< Set-Cookie: PHPSESSID=e735c37c5cl9778j1on41v6rj5; path=/; secure; HttpOnly
< Expires: Fri, 17 Jan 2016 22:15:15 GMT
< Cache-Control: private; must-revalidate
< Pragma: no-cache
< Content-Length: 327
< Connection: close
< Content-Type: application/x-www-form-urlencoded
<
< oauth_token=944b...ccf3&oauth_token_secret=8111...03f&oauth_callback_confirmed=true

2. Authorizing the User

The following are request and response samples for POST /login/process.

Request

> POST /login/process HTTP/1.1
> Accept-Encoding: identity
> Content-Length: 211
> Connection: close
> User-Agent: Python-urllib/2.7
> Host: sso.openx.com
> Cookie: PHPSESSID=e735c37c5cl9778j1on41v6rj5
> Content-Type: application/x-www-form-urlencoded
> Authorization: OAuth realm="", oauth_nonce="62082529", oauth_timestamp="1387318515",
  oauth_consumer_key="3bb1Öae5", oauth_signature_method="HMAC-SHA1", oauth_version="1.0",
  oauth_token="944b...ccf3", oauth_signature="QTp3PJmWeXVzWQCf%2FmDZJcRxX1Y%3D", oauth_callback="oob"
>
> password=Testing123&oauth_token=944b...ccf3&email=test_account_google@openx.com

Response

< HTTP/1.1 200 OK
< Date: Tue, 17 Dec 2015 22:15:15 GMT
< Server: Apache/2.2.3 (CentOS)
< X-Powered-By: PHP/5.3.24
< Expires: Fri, 17 Jan 2016 22:15:15 GMT
< Cache-Control: private; must-revalidate
< Pragma: no-cache
< Content-Length: 179
< Connection: close
< Content-Type: text/html; charset=UTF-8
<
< oob?oauth_token=944b...ccf3&oauth_verifier=fb6f21ce8e

3. Requesting an Access Token

The following are request and response samples for POST /api/index/token.

Request

> POST /api/index/token HTTP/1.1
> Accept-Encoding: identity
> Content-Length: 0
> Connection: close
> User-Agent: Python-urllib/2.7
> Host: sso.openx.com
> Cookie: PHPSESSID=e735c37c5cl9778j1on41v6rj5
> Content-Type: application/x-www-form-urlencoded
> Authorization: OAuth realm="", oauth_nonce="93393548", oauth_timestamp="1387318516",
  oauth_signature_method="HMAC-SHA1", oauth_consumer_key="3bb1Öae5", oauth_verifier="fb6f21ce8e",
  oauth_version="1.0", oauth_token="944b...ccf3", oauth_signature="QjBqYFGhCtp6vmtqDsxXElB8Mh8%3D", oauth_callback="oob"

Response

< HTTP/1.1 200 OK
< Date: Tue, 17 Dec 2015 22:15:16 GMT
< Server: Apache/2.2.3 (CentOS)
< X-Powered-By: PHP/5.3.24
< Expires: Fri, 17 Jan 2016 22:15:16 GMT
< Cache-Control: private; must-revalidate
< Pragma: no-cache
< Content-Length: 334
< Connection: close
< Content-Type: application/x-www-form-urlencoded
< oauth_token=7e1a...ccf4&oauth_token_secret=dc5d...43ad&email=test_account_google@openx.com

Access is granted and the final oauth_token above (7e1a...ccf4) becomes the openx3_access_token cookie in your API requests and must be sent every time.


4. Accessing Protected Resources with the Access Token

The following examples allow you to access protected resources with the access token.

Syntax

curl -X GET http://<openx_server_name>/ox/4.0/account/<account_uid> --cookie
        "openx3_access_token=token_string"

Example

curl -X GET http://openx_myserver.com/ox/4.0/account/879546 --cookie
        "openx3_access_token=e735c37c5cl...9778j1on41v6rj5"