Authorization
Endpoint for OAuth v1.0 API
Mobage Simplified Chinese Platform
| Environment | URL |
|---|---|
| Production Auth | http://sp.mobage-platform.cn/social/api/oauth/v2.01 |
| Sandbox Auth | http://sp.sb.mobage-platform.cn/social/api/oauth/v2.01 |
Mobage Traditional Chinese Platform
Environment | URL |
|---|---|
| Production Auth | http://sp.mobage-platform.tw/social/api/oauth/v2.01 |
| Sandbox Auth | http://sp.sb.mobage-platform.tw/social/api/oauth/v2.01 |
| API Name | HTTP Method | REST URI Fragment | Description |
|---|---|---|---|
| Temporaray Credential | POST | /request_temporary_credential | This method requests a temporary credential to get the temporary credential token. |
| Token Credential | POST | /request_token | This API acquires the token credential. |
Temporaray Credential
Description
This method requests a temporary credential to get the temporary credential token.
URI Fragment
/request_temporary_credential
HTTP Method
POST
Request Headers
Any request to the Mobage REST APIs must include the Authorization header. For more details, see How to add the Authorization Header for Temporary Credentail .
Response Status Code
| HTTP Status Code | HTTP Status Message | Meaning |
|---|---|---|
| 200 | OK | Data successfully acquired |
| 400 | Bad Request | Corrupt request data on the client side |
| 401 | Unauthorized | Authorization error |
| 403 | Forbidden | The resource exists, but access is not possible due to a reason other than an authorization error. |
| 500 | Internal Server Error | An error on the API server side |
| 503 | Service Unavailable | The API cannot be used temporarily |
Response Body
oauth_tokenoauth_token_secretoauth_callback_confirmed
Here's an example of the response body:
oauth_token=temporary_credential%3A0ea3f9f6c404522ecacae0107ca2fda7f2ffa792&oauth_token_secret=izUiUJXiUIcFhhqQ7XqB8GUSy9zEv&oauth_callback_confirmed=true
 | Resource Owner Authorization The client application must call the See RESTful API Overview for more information. |
Example
Token Credential
Description
This method acquires the token credential.
URI Fragment
/request_token
HTTP Method
POST
Request Headers
Any request to the Mobage REST APIs must include the Authorization header. For more details, see How to add the Authorization Header for Token Credentail .
Response Status Code
| HTTP Status Code | HTTP Status Message | Meaning |
|---|---|---|
| 200 | OK | Data successfully acquired |
| 400 | Bad Request | Corrupt request data on the client side |
| 401 | Unauthorized | Authorization error |
| 403 | Forbidden | The resource exists, but access is not possible due to a reason other than an authorization error. |
| 500 | Internal Server Error | An error on the API server side |
| 503 | Service Unavailable | The API cannot be used temporarily |
Response Body
oauth_tokenoauth_token_secretoauth2_token
Example
How to Add the Authorization Header for Temporary Credential
Follow the 3 steps below to add an "Authorization" Header for temporary credential:
Step 1. Create the base string
1. build a string for the OAuth parameters: firstly sort the following parameters alphabetically, URL encode the names and values, then join name and value with "=", finally join name/value pairs with "&"
| Parameter | Description | Value |
|---|---|---|
oauth_callback | Redirect URI | Only oob (Out-of-band) is specifiable |
oauth_consumer_key | The Consumer Key for the application | Issued when resist the application |
oauth_nonce | Unique value for each request | Generated on the game server |
oauth_signature_method | Hash method | Only HMAC-SHA1 is specifiable |
oauth_timestamp | UNIX timestamp | Generated on the game server |
oauth_version | OAuth version | Only 1.0 |
2. encode the following three parameters.
| Parameter | Description |
|---|---|
| Request Method | HTTP Method to the API Server |
| API URL | URL to the API Server (exclude query parameters) |
| OAuth Parameters | A string built in the previous step |
3. join the encoded parameters with "&".
Step 2. Generate the oauth_signature
1. build a secret by joining the Consumer Secret and the empty string with "&"
2. Pass the base string and secret to the HMAC-SHA1 hashing algorithm.
3. the output of HMAC-SHA1 hashing algorithm is a binary string. Use base64 encode to produce the signature string.
A tool is provided to verify whether your signature is correct. Refer to Oauth Signature Tool.
Step 3. Build the Authorization Header
1. Name and value in the table below are URL-encoded
2. Double quote the value, join name and value with "=", join name/value pairs with ","
3. Add realm parameter as an option
4. Add "OAuth " (including the space at the end) to the beginning of the header.
| Parameter | Value |
|---|---|
| oauth_callback | Only oob (Out-of-band) is specifiable |
| oauth_consumer_key | Issued when resist the application |
| oauth_nonce | Generated on the game server |
| oauth_signature | Generated on the game server, Refer to Step2 |
| oauth_signature_method | only "HMAC-SHA1" is specifiable |
| oauth_timestamp | Generated on the game server |
| oauth_version | Only 1.0 |
Authorization Header example
The parameters for base string are as follows:
| Parameter | Value |
|---|---|
| Request Method | POST |
| API URL | http://sp.sb.mobage-platform.cn/social/api/oauth/v2.01/request_temporary_credential |
oauth_callback | oob |
oauth_consumer_key | 9a9884572c246994632d |
oauth_nonce | U0KYtsU5Y7UyFVw1 |
oauth_timestamp | 1361269015 |
oauth_signature_method | HMAC-SHA1 |
oauth_version | 1.0 |
The created base string:
POST&
http%3A%2F%2Fsp.sb.mobageplatform.cn%2Fsocial%2Fapi%2Foauth%2Fv2.01%2Frequest_temporary_credential&
oauth_callback%3Doob%26
oauth_consumer_key%3D9a9884572c246994632d%26
oauth_nonce%3DU0KYtsU5Y7UyFVw1%26
oauth_signature_method%3DHMAC-SHA1%26
oauth_timestamp%3D1361269015%26
oauth_version%3D1.0
The generated oauth_signature:
cqSNkXvPTgkyiJWaMl49kifUnL8=
The built authorization header:
OAuth oauth_callback="oob",oauth_consumer_key="9a9884572c246994632d",oauth_nonce="U0KYtsU5Y7UyFVw1",oauth_signature="cqSNkXvPTgkyiJWaMl49kifUnL8%3D",oauth_signature_method="HMAC-SHA1",oauth_timestamp="1361269015",oauth_version="1.0",realm=""
How to Add the Authorization Header for Token Credential
Follow the 3 steps below to add an "Authorization" Header for token credential:
Step 1. Create the base string
1. build a string for the OAuth parameters: firstly sort the following parameters alphabetically, URL encode the names and values, then join name and value with "=", finally join name/value pairs with "&"
| Parameter | Description | Value |
|---|---|---|
oauth_consumer_key | The Consumer Key for the application | Issued when resist the application |
oauth_nonce | Unique value for each request | Generated on the game server |
oauth_signature_method | Hash method | Only HMAC-SHA1 is specifiable |
oauth_timestamp | UNIX timestamp | Generated on the game server |
oauth_token | The token code | Temporary credential |
oauth_verifier | The verification code | Sent from the client application |
oauth_version | OAuth version | Only 1.0 |
2. encode the following three parameters.
| Parameter | Description |
|---|---|
| Request Method | HTTP Method to the API Server |
| API URL | URL to the API Server (exclude query parameters) |
| OAuth Parameters | A string built in the previous step |
3. join the encoded parameters with "&".
Step 2. Generate the oauth_signature
1. build a secret by joining the Consumer Secret and the Token Secret (obtained from the temporary credential) with "&".
2. Pass the base string and secret to the HMAC-SHA1 hashing algorithm.
3. the output of HMAC-SHA1 hashing algorithm is a binary string. Use base64 encode to produce the signature string.
A tool is provided to verify whether your signature is correct. Refer to Oauth Signature Tool.
Step 3. Build the Authorization Header
1. Name and value in the table below are URL-encoded
2. Double quote the value, join name and value with "=", join name/value pairs with ","
3. Add realm parameter as an option
4. Add "OAuth " (including the space at the end) to the beginning of the header.
| Parameter | Value |
|---|---|
| oauth_consumer_key | Issued when resist the application |
| oauth_nonce | Generated on the game server |
| oauth_signature | Generated on the game server, Refer to Step2 |
| oauth_signature_method | only "HMAC-SHA1" is specifiable |
| oauth_timestamp | Generated on the game server |
| oauth_token | the temporary credential. |
| oauth_verifier | Sent from the client application |
| oauth_version | Only 1.0 |
Authorization Header example
Parameters
| Parameter | Value |
|---|---|
oauth_consumer_key | 9a9884572c246994632d |
oauth_nonce | haDOVkGpKG34iFoS |
oauth_signature_method | HMAC-SHA1 |
oauth_timestamp | 1361269025 |
oauth_token | temporary_credential:0764f6dfe3ab1ff57f3b29f155991379d7b231ce |
oauth_verifier | 7e8e4e4913bf1c41fca8342d3489cb3748f1719219cee722a3b7729190f249fa |
oauth_version | 1.0 |
The created base string:
POST&
http%3A%2F%2Fsp.sb.mobage-platform.cn%2Fsocial%2Fapi%2Foauth%2Fv2.01%2Frequest_token&
oauth_consumer_key%3D9a9884572c246994632d%26
oauth_nonce%3DhaDOVkGpKG34iFoS%26
oauth_signature_method%3DHMAC-SHA1%26
oauth_timestamp%3D1361269025%26
oauth_token%3Dtemporary_credential%253A0764f6dfe3ab1ff57f3b29f155991379d7b231ce%26
oauth_verifier%3D7e8e4e4913bf1c41fca8342d3489cb3748f1719219cee722a3b7729190f249fa%26
oauth_version%3D1.0
 | Note that the characters in red is %253A instead of %25 due to URL encoded twice. |
The generated signature:
gTwhtRw7zhuBeMMZedKwCauRKlg=
The built authorization header:
OAuth oauth_consumer_key="9a9884572c246994632d",oauth_nonce="haDOVkGpKG34iFoS",oauth_signature="gTwhtRw7zhuBeMMZedKwCauRKlg%3D",oauth_signature_method="HMAC-SHA1",oauth_timestamp="1361269025",oauth_token="temporary_credential%3A0764f6dfe3ab1ff57f3b29f155991379d7b231ce",oauth_verifier="7e8e4e4913bf1c41fca8342d3489cb3748f1719219cee722a3b7729190f249fa",oauth_version="1.0",realm=""