Authorization

Endpoint for OAuth v1.0 API 



Mobage Simplified Chinese Platform

Mobage Traditional Chinese Platform

API NameHTTP MethodREST URI FragmentDescription
Temporaray CredentialPOST/request_temporary_credentialThis method requests a temporary credential to get the temporary credential token. 
Token CredentialPOST/request_tokenThis API acquires the token credential.

 

Temporaray Credential

Description

This method requests a temporary credential to get the temporary credential token. 

URI Fragment

/request_temporary_credential

HTTP Method

POST

Request Headers

Any request to the Mobage REST APIs must include the Authorization header. For more details, see How to add the Authorization Header for Temporary Credentail 

Response Status Code

HTTP Status CodeHTTP Status MessageMeaning
200OKData successfully acquired
400Bad RequestCorrupt request data on the client side
401UnauthorizedAuthorization error
403ForbiddenThe resource exists, but access is not possible due to a reason other than an authorization error.
500Internal Server ErrorAn error on the API server side
503Service UnavailableThe API cannot be used temporarily


Response Body

  • oauth_token
  • oauth_token_secret
  • oauth_callback_confirmed

Here's an example of the response body:

oauth_token=temporary_credential%3A0ea3f9f6c404522ecacae0107ca2fda7f2ffa792&oauth_token_secret=izUiUJXiUIcFhhqQ7XqB8GUSy9zEv&oauth_callback_confirmed=true 

Resource Owner Authorization

The client application must call the Social.Common.Auth.authorizeToken() method to implement 3-legged OAuth authentication. Pass the token of the temporary credential as an argument. The application then sends the oauth_verifier in the return value to the game server.

See RESTful API Overview for more information.

 

Example

HTTP Request
HTTP Response

 

Token Credential

Description

This method acquires the token credential.

URI Fragment

/request_token

HTTP Method

POST

Request Headers

Any request to the Mobage REST APIs must include the Authorization header. For more details, see How to add the Authorization Header for Token Credentail 

Response Status Code

HTTP Status CodeHTTP Status MessageMeaning
200OKData successfully acquired
400Bad RequestCorrupt request data on the client side
401UnauthorizedAuthorization error
403ForbiddenThe resource exists, but access is not possible due to a reason other than an authorization error.
500Internal Server ErrorAn error on the API server side
503Service UnavailableThe API cannot be used temporarily

 

Response Body

  • oauth_token
  • oauth_token_secret
  • oauth2_token

Example

HTTP Request
HTTP Response

How to Add the Authorization Header for Temporary Credential

Follow the 3 steps below to add an "Authorization" Header for temporary credential:

Step 1. Create the base string

1. build a string for the OAuth parameters:  firstly sort the following parameters alphabetically, URL encode the names and values, then join name and value with "=", finally join name/value pairs with "&" 

ParameterDescriptionValue
oauth_callbackRedirect URIOnly oob (Out-of-band) is specifiable
oauth_consumer_keyThe Consumer Key for the applicationIssued when resist the application
oauth_nonceUnique value for each requestGenerated on the game server
oauth_signature_methodHash methodOnly HMAC-SHA1 is specifiable
oauth_timestampUNIX timestampGenerated on the game server
oauth_versionOAuth versionOnly 1.0

2. encode the following three parameters.

ParameterDescription
Request MethodHTTP Method to the API Server
API URLURL to the API Server (exclude query parameters)
OAuth ParametersA string built in the previous step

3. join the encoded parameters with "&".

Step 2. Generate the oauth_signature

1. build a secret by joining the Consumer Secret and  the empty string with "&"

2. Pass the base string and secret to the HMAC-SHA1 hashing algorithm.

3. the output of HMAC-SHA1 hashing algorithm is a binary string. Use base64 encode to produce the signature string.

A tool is provided to verify whether your signature is correct. Refer to Oauth Signature Tool

Step 3. Build the Authorization Header

1. Name and value in the table below are URL-encoded

2. Double quote the value, join name and value with "=", join name/value pairs with ","

3. Add realm parameter as an option

4. Add "OAuth " (including the space at the end) to the beginning of the header.

ParameterValue
oauth_callbackOnly oob (Out-of-band) is specifiable
oauth_consumer_keyIssued when resist the application
oauth_nonceGenerated on the game server
oauth_signatureGenerated on the game server, Refer to Step2
oauth_signature_methodonly "HMAC-SHA1" is specifiable
oauth_timestampGenerated on the game server
oauth_versionOnly 1.0
Authorization Header example

The parameters for base string are as follows:

ParameterValue
Request MethodPOST
API URLhttp://sp.sb.mobage-platform.cn/social/api/oauth/v2.01/request_temporary_credential
oauth_callbackoob
oauth_consumer_key9a9884572c246994632d
oauth_nonceU0KYtsU5Y7UyFVw1
oauth_timestamp1361269015
oauth_signature_methodHMAC-SHA1
oauth_version1.0

The created base string:

 

POST&
http%3A%2F%2Fsp.sb.mobageplatform.cn%2Fsocial%2Fapi%2Foauth%2Fv2.01%2Frequest_temporary_credential&
oauth_callback%3Doob%26
oauth_consumer_key%3D9a9884572c246994632d%26
oauth_nonce%3DU0KYtsU5Y7UyFVw1%26
oauth_signature_method%3DHMAC-SHA1%26
oauth_timestamp%3D1361269015%26
oauth_version%3D1.0

The generated oauth_signature:

cqSNkXvPTgkyiJWaMl49kifUnL8=

The built authorization header:

OAuth oauth_callback="oob",oauth_consumer_key="9a9884572c246994632d",oauth_nonce="U0KYtsU5Y7UyFVw1",oauth_signature="cqSNkXvPTgkyiJWaMl49kifUnL8%3D",oauth_signature_method="HMAC-SHA1",oauth_timestamp="1361269015",oauth_version="1.0",realm=""

 

How to Add the Authorization Header for Token Credential

Follow the 3 steps below to add an "Authorization" Header for token credential:

Step 1. Create the base string

1. build a string for the OAuth parameters:  firstly sort the following parameters alphabetically, URL encode the names and values, then join name and value with "=", finally join name/value pairs with "&" 

ParameterDescriptionValue
oauth_consumer_keyThe Consumer Key for the applicationIssued when resist the application
oauth_nonceUnique value for each requestGenerated on the game server
oauth_signature_methodHash methodOnly HMAC-SHA1 is specifiable
oauth_timestampUNIX timestampGenerated on the game server
oauth_tokenThe token code

Temporary credential

oauth_verifierThe verification codeSent from the client application
oauth_versionOAuth versionOnly 1.0

2. encode the following three parameters.

ParameterDescription
Request MethodHTTP Method to the API Server
API URLURL to the API Server (exclude query parameters)
OAuth ParametersA string built in the previous step

3. join the encoded parameters with "&".

Step 2. Generate the oauth_signature

1. build a secret by joining the Consumer Secret and  the Token Secret (obtained from the temporary credential) with "&".

2. Pass the base string and secret to the HMAC-SHA1 hashing algorithm.

3. the output of HMAC-SHA1 hashing algorithm is a binary string. Use base64 encode to produce the signature string.

A tool is provided to verify whether your signature is correct. Refer to Oauth Signature Tool

Step 3. Build the Authorization Header

1. Name and value in the table below are URL-encoded

2. Double quote the value, join name and value with "=", join name/value pairs with ","

3. Add realm parameter as an option

4. Add "OAuth " (including the space at the end) to the beginning of the header.

ParameterValue
oauth_consumer_keyIssued when resist the application
oauth_nonceGenerated on the game server
oauth_signatureGenerated on the game server, Refer to Step2
oauth_signature_methodonly "HMAC-SHA1" is specifiable
oauth_timestampGenerated on the game server
oauth_token

the temporary credential.

oauth_verifierSent from the client application
oauth_versionOnly 1.0
Authorization Header example

Parameters

ParameterValue
oauth_consumer_key9a9884572c246994632d
oauth_noncehaDOVkGpKG34iFoS
oauth_signature_methodHMAC-SHA1
oauth_timestamp1361269025
oauth_token

temporary_credential:0764f6dfe3ab1ff57f3b29f155991379d7b231ce

oauth_verifier

7e8e4e4913bf1c41fca8342d3489cb3748f1719219cee722a3b7729190f249fa

oauth_version1.0

The created base string:

POST&

http%3A%2F%2Fsp.sb.mobage-platform.cn%2Fsocial%2Fapi%2Foauth%2Fv2.01%2Frequest_token&

oauth_consumer_key%3D9a9884572c246994632d%26

oauth_nonce%3DhaDOVkGpKG34iFoS%26

oauth_signature_method%3DHMAC-SHA1%26

oauth_timestamp%3D1361269025%26

oauth_token%3Dtemporary_credential%253A0764f6dfe3ab1ff57f3b29f155991379d7b231ce%26

oauth_verifier%3D7e8e4e4913bf1c41fca8342d3489cb3748f1719219cee722a3b7729190f249fa%26

oauth_version%3D1.0


Note that the characters in red is %253A instead of %25 due to URL encoded twice.


The generated signature:

gTwhtRw7zhuBeMMZedKwCauRKlg=

The built authorization header:

OAuth oauth_consumer_key="9a9884572c246994632d",oauth_nonce="haDOVkGpKG34iFoS",oauth_signature="gTwhtRw7zhuBeMMZedKwCauRKlg%3D",oauth_signature_method="HMAC-SHA1",oauth_timestamp="1361269025",oauth_token="temporary_credential%3A0764f6dfe3ab1ff57f3b29f155991379d7b231ce",oauth_verifier="7e8e4e4913bf1c41fca8342d3489cb3748f1719219cee722a3b7729190f249fa",oauth_version="1.0",realm=""

PREVIOUS

RESTful API Overview

NEXT

Appdata