The following code uses the OAuth Client library found here: (http://code.google.com/p/oauth-php/) -- but any library will work.
/**
* testapiAction
* The following code tests the OAUTH authentication method of our API.
* It uses the OAUTH clientside library -- but any oauth library would work.
* Much of this code will be handled by your library -- but we're spelling everything out here.
* the most important pieces of information are: consumer key, secret, the end_point URLS and the callback url. (and the URL of the API too)
* @author Christian
*/
public function testapiAction()
{
//The following codes are the consumer key and secret
//every application that uses our api will need one of these and you can register one at http://appv3.sgizmo.com/Account/restful-register (in an account)
$key = 'put your key here'; // this is your consumer key
$secret = 'put your secret here'; // this is your secret
//This is the main "head" of the api -- all oauth calls go through the API.
$host = 'http://restapi.surveygizmo.com/head';
//This is the URL that we use to request a new access token
$request_token = $host .'/oauth/request_token';
//After getting an access token we'll want to have the user authenicate
$authorize_url = $host .'/oauth/authenticate';
//this final call fetches an access token.
$access_token = $host .'/oauth/access_token';
//CREATE an OAUTH SESSION
$options = array
(
'consumer_key' => $key,
'consumer_secret' => $secret,
'request_token_uri' => $request_token,
'authorize_uri' => $authorize_url,
'access_token_uri' => $access_token
);
//create the acctual session (this is where perminant tokens would be loaded in real code... but just testign here)
OAuthStore::instance("Session", $options);
try
{
// Okie dokie, let's see if we are already in the process of getting a token or not
if (empty($_GET["oauth_token"]))
{ // nope, no token -- so let's start by requesting an access token from the surveygizmo api
$getAuthTokenParams = array('xoauth_displayname' => 'Christian Vaneks Groovy Test', //this is the name of the application asking for Approval. It will be shown on the approval page
'oauth_callback' => 'http://beta.sgizmo.com/Widget/testapi'); // this is the call back to my application (this test code)
//Request a Request Token - this is done totally server-to-server
$tokenResultParams = OAuthRequester::requestRequestToken($key, 0, $getAuthTokenParams);
//Okie dokie, now let's authorize (this requires a redirect) -- when we come back we'll be in the next part of this IF statement
header("Location: " . $authorize_url . "?oauth_token=" . $tokenResultParams['token']);
}
else
{
//We have a request token that's been authorized at this point (assuming the login and the "approve" button was pressed successfully)
$oauthToken = $_GET["oauth_token"];
//Let's load the auth token from the GET parameter
$tokenResultParams = $_GET;
try {
//the next step is to ask for an access token (which actually lets us grab data).
OAuthRequester::requestAccessToken($key, $oauthToken, 0, 'POST', $_GET);
}
catch (OAuthException2 $e)
{
echo "Errors occured" . $e;
//if an error occurs here it's likely the result of a signature verification problem. It might also be be-becuase the request token expired (unlikely for us)
return;
}
//WE HAVE ACCESS!!!
//Yes, at this point the token has been flagged as authorized and turned into an access token - ready to make calls.
//so let's make a simple call to get the user list from the API for this account
$request = new OAuthRequester("http://restapi.surveygizmo.com/head/AccountUser.debug", 'GET', $tokenResultParams);
//making request...
$result = $request->doRequest(0);
//Request has been made! Let's display the results
if ($result['code'] == 200) // codes in the 200s mean success.
{
//print out the token information (just for fun)
echo 'Token Result
'; print_r($tokenResultParams); //this is the entire $result array returned from the OAuthClient library echo '
Result
'; print_r($result); //this is likely what we are interested in -- the body of the response from the other server echo '
Body
'; print_r($result['body']); } else { //if we didn't get 200 back it's an error echo 'Error'; } } } catch(OAuthException2 $e) { //general error catching. sure hope we don't need it! echo "OAuthException: " . $e->getMessage(); } exit; }