OAuth Basics

Quipt’s web services rely on OAuth 1.0 revision A as the authorization framework.

Web based application:
oauth-web-based

Step 1 – Initiate

This begins the OAuth 1.0a authorization process for a Quipt user. The response includes the request ‘token’ and ‘secret’ to be used in later steps.

URLhttps://app.getquipt.com/oauth/initiate

Methodpost

Header:

POST https://app.getquipt.com/oauth/initiate 
Authorization: OAuth oauth_consumer_key="{your application's consumer key}",oauth_signature_method="HMAC-SHA1",oauth_timestamp="{unix time}",oauth_nonce="{random number}",oauth_version="1.0",oauth_callback="{url to redirect to after authorization}",oauth_signature="{calculated signature based on parameters}"

POST https://app.getquipt.com/oauth/initiate

Authorization: OAuth oauth_consumer_key="{your application's consumer key}",oauth_signature_method="HMAC-SHA1",oauth_timestamp="{unix time}",oauth_nonce="{random number}",oauth_version="1.0",oauth_callback="{url to redirect to after authorization}",oauth_signature="{calculated signature based on parameters}"

Sample Response:

oauth_token={save for later steps}&oauth_token_secret={save for later steps}&oauth_callback_confirmed=true

1	oauth_token={save for later steps}&oauth_token_secret={save for later steps}&oauth_callback_confirmed=true

Step 2 – Authorize

Redirect the user to the Quipt authorization page. If the user accepts the authorization the user will be redirected to the defined ‘oauth_callback’.

URLhttps://app.getquipt.com/#/oauth/authorizing?oauth_token={token}

Methodget

Parameters:

Name	Description	Type	Required
{token}	The 'oauth_token' value returned by 'Step 1 – Initiate'.	String	Yes

Authorization

After completing the authorization the user will be redirected to the ‘oauth_callback’ URL defined during ‘/oauth/initiate’. 2 query string parameters will be appended to the URL. Defined in the following table.

Parameters:

Name	Description	Type	Required
{oauth_token}	The request token, as provided by 'Step 1 – Initiate'. It may be used as a state check.	String	Yes
{oauth_verifier}	The code in include in the call to '/oauth/token'.	String	Yes

Step 3 – Token

To ensure same client is authorizing the application a final step is required to provide the verifier_code when calling ‘/oauth/token’. The successful response is the access ‘token’ and ‘secret’. These are the values that should be used to call Quipt API.

URLhttps://app.getquipt.com/oauth/token

Methodpost

Header:

POST https://app.getquipt.com/oauth/token
Authorization: OAuth oauth_consumer_key="{your application's consumer key}",oauth_signature_method="HMAC-SHA1",oauth_timestamp="{unix time}",oauth_nonce="{random number}",oauth_version="1.0",oauth_verifier="{verifier from authorization redirect}",oauth_signature="{calculated signature based on parameters}"

POST https://app.getquipt.com/oauth/token

Authorization: OAuth oauth_consumer_key="{your application's consumer key}",oauth_signature_method="HMAC-SHA1",oauth_timestamp="{unix time}",oauth_nonce="{random number}",oauth_version="1.0",oauth_verifier="{verifier from authorization redirect}",oauth_signature="{calculated signature based on parameters}"

Sample Response:

oauth_token={save to call the Quipt API}&oauth_token_secret={save to call the Quipt API}

1	oauth_token={save to call the Quipt API}&oauth_token_secret={save to call the Quipt API}

OAuth Basics

Quipt’s web services rely on OAuth 1.0 revision A as the authorization framework.

Web based application:
oauth-web-based

Step 1 – Initiate

This begins the OAuth 1.0a authorization process for a Quipt user. The response includes the request ‘token’ and ‘secret’ to be used in later steps.

URLhttps://app.getquipt.com/oauth/initiate

Methodpost

Header:

POST https://app.getquipt.com/oauth/initiate 
Authorization: OAuth oauth_consumer_key="{your application's consumer key}",oauth_signature_method="HMAC-SHA1",oauth_timestamp="{unix time}",oauth_nonce="{random number}",oauth_version="1.0",oauth_callback="{url to redirect to after authorization}",oauth_signature="{calculated signature based on parameters}"

POST https://app.getquipt.com/oauth/initiate

Sample Response:

oauth_token={save for later steps}&oauth_token_secret={save for later steps}&oauth_callback_confirmed=true

1	oauth_token={save for later steps}&oauth_token_secret={save for later steps}&oauth_callback_confirmed=true

Step 2 – Authorize

Redirect the user to the Quipt authorization page. If the user accepts the authorization the user will be redirected to the defined ‘oauth_callback’.

URLhttps://app.getquipt.com/#/oauth/authorizing?oauth_token={token}

Methodget

Parameters:

Name	Description	Type	Required
{token}	The 'oauth_token' value returned by 'Step 1 – Initiate'.	String	Yes

Authorization

Parameters:

Name	Description	Type	Required
{oauth_token}	The request token, as provided by 'Step 1 – Initiate'. It may be used as a state check.	String	Yes
{oauth_verifier}	The code in include in the call to '/oauth/token'.	String	Yes

Step 3 – Token

URLhttps://app.getquipt.com/oauth/token

Methodpost

Header:

POST https://app.getquipt.com/oauth/token
Authorization: OAuth oauth_consumer_key="{your application's consumer key}",oauth_signature_method="HMAC-SHA1",oauth_timestamp="{unix time}",oauth_nonce="{random number}",oauth_version="1.0",oauth_verifier="{verifier from authorization redirect}",oauth_signature="{calculated signature based on parameters}"

POST https://app.getquipt.com/oauth/token

Authorization: OAuth oauth_consumer_key="{your application's consumer key}",oauth_signature_method="HMAC-SHA1",oauth_timestamp="{unix time}",oauth_nonce="{random number}",oauth_version="1.0",oauth_verifier="{verifier from authorization redirect}",oauth_signature="{calculated signature based on parameters}"

Sample Response:

oauth_token={save to call the Quipt API}&oauth_token_secret={save to call the Quipt API}

1	oauth_token={save to call the Quipt API}&oauth_token_secret={save to call the Quipt API}