Generating Client Credentials via OAuth
Documentation: https://apidocs.scrive.com/#oauth
OAuth is mainly used to let other users authenticate themselves to integrations. The authentication process can then be more or less fully automated and will not require input from an administrator once fully set up.
- You must first request temporary credentials using the client credentials identifier and secret from your account’s Integration settings tab.
To do so you must issue a GET request to:
https://${host}/oauth/temporarycredentials?privileges=${privileges}
The authorization header should contain the following parameters:
oauth_signature_method="PLAINTEXT"
oauth_consumer_key="${consumer_key}"
oauth_signature="${consumer_secret}&aaaaaa"
oauth_callback="${oauth_callback_url}"The response will contain an oauth_token and an oauth_token_secret.
- Now redirect the customer to https://${host}/oauth/authorization?oauth_token=${oauth_token}
Replace ${host} and ${oauth_token} with the appropriate values where oauth_token is the token you received in step 1. - If the user authorizes in the prompt, they will get redirected to the callback URL that was set in the first step:
http://www.mywebsite.com/scrive?=&oauth_token=b0d6be3270a2b3ad_8&oauth_verifier=6382be3e8fcafd94
Queried in the URL, you will have an oauth_token and an oauth_verifier You should be able to inspect the redirect on your end and extract the queried tokens. -
You should now have the following information:
oauth_consumer_key
oauth_token
oauth_verifierBy using “oauth_signature_method=”PLAINTEXT”, you can construct a new oauth_signature from the client credentials secret and temporary credentials secret:
oauth_signature_method="PLAINTEXT"
oauth_signature="${consumer_secret}&${oauth_token_secret}" - Finally, compile this into an Authorization header for a request to https://${host}/oauth/tokencredentials
This will result in a response with an oauth_token and an oauth_token_secret. - You should now have all the sufficient credentials to be able to make API calls on behalf of the user. To do this, include the following tokens in the Authorization header:
oauth_consumer_key
oauth_token
oauth_signature_method="PLAINTEXT"
oauth_signature
For information about how to format the authorization header, please see [Formatting the Authorization header]