Feeds:
Posts
Comments

Posts Tagged ‘API’

It never happened to me that I’m googling for a technical solution and found nothing helpful. But this time while I was searching for a usable wrapper for delicious OAuth API in .net, I found almost nothing useful.

The guidelines provided at http://delicious.com/help/oauthapi is not so well documented and also not readily usable. So I was looking for a .NET wrapper. But unfortunately I ended up having some scattered suggestions and buggy code snippets which caused me more pain than help. Having no good wrapper for delicious OAuth, I started modifying David Quail’s LinkedinOauth to make workable with delicious, but after passing authorization and getting access token , I stumbled at calling the delicious API. I was getting Unauthorized 401 error. After a lot of hardship, I was finally able to make successful API calls.

Enough talks. Now, I will describe the OAuth authentication and delicious API calling process step by step. But before that we need to know what is OAuth.

What is OAuth?

OAuth (Open Authorization) is an open protocol that allows users to share their private resources (e.g. photos, videos, contact lists) stored on one site with another site without having to hand out their username and password.

OAuth allows users to hand out tokens instead of usernames and passwords to their data hosted by a given service provider like delicious, twitter, linkedin etc.

Following are the steps to make a successful API call to delicious using OAuth.

  1. Get an API key
  2. Get a Request Token
  3. Get user permission to access their data
  4. Get an Access Token
  5. Create the request for Delicious
    1. Building the “Base String”
    2. Generate the signature
    3. Make the request
  6. Refresh Access Token for future API calls without authorization


1. Get an API key

To access any API using OAuth, a consumer/API Key and a consumer/API Secret Key are required. These can be obtained from Yahoo! Developer Network (YDN) API key form. Fill up this form appropriately and set the access scope eg to which of the yahoo owned site(s) you need API access.
Following two figures illustrates the steps to obtain OAuth access keys:

API key form page

API key form page

API key confirmation page

API key confirmation page

From this step you will get following key information:

  1. an Application Id
    aFWQnp1s
  2. an API Key (OAuth consumer key)
    ef1uGeq4fP9vbnDXQAtlN0IcKvY8RTef0MztKJfBRYacPiuYmQXFdi10DOU3WSDVfn7MQw5basdrn92urX47wlD3F6G4oOA6JHE6
  3. Shared/Consumer Secret
    1e782b9c13315e30d2fbac12348942cc9db674f2


2. Get a Request Token

After getting the API keys, make a request to the YDN API at the following URL:

https://api.login.yahoo.com/oauth/v2/get_request_token

Include the following parameters:

Request Parameter Description
oauth_nonce A random string.
oauth_timestamp Current timestamp of the request. This value must be +/-600 seconds of the current time.
oauth_consumer_key Your consumer key.
oauth_signature_method The signature method that you use to sign the request. This can be plaintext or hmac-sha1.
oauth_signature Your shared secret.
oauth_version OAuth version (1.0)
xoauth_lang_pref (optional) The language preference of the User; the default value is en-us.
oauth_callback Your callback url as set up in the YDN process.

Your request should look something like the following:

https://api.login.yahoo.com/oauth/v2/get_request_token?oauth_nonce=123456789&oauth_timestamp=1257965367&oauth_consumer_key=ef1uGeq4fP9vbnDXQAtlN0IcKvY8RTef0MztKJfBRYacPiuYmQXFdi10DOU3WSDVfn7MQw5basdrn92urX47wlD3F6G4oOA6JHE6&oauth_signature_method=plaintext&oauth_signature=1e782b9c13315e30d2fbac12348942cc9db674f2%26&oauth_version=1.0&xoauth_lang_pref=en-us&oauth_callback=http://mysite.com/callbackurl.aspx

Please note that you must include all the parameters specified above (except ‘xoauth_lang_pref’ which is optional) even though it might seem irrelevant in your case eg in desktop application ‘oauth_callback’ may not be required but still you need to put it in the request url.  ‘http://localhost/’ might be a sample value.

This should result in a response similar to:

oauth_token%3Drpfbncv%26oauth_token_secret%3D5f2e792b36c40edaf7bdd8fb10b6edd1fde87a52%26oauth_expires_in%3D3600%26xoauth_request_auth_url%3Dhttps%253A%252F%252Fapi.login.yahoo.com%252Foauth%252Fv2%252Frequest_auth%253Foauth_token%253Drpfbncv%26oauth_callback_confirmed%3Dtrue

which can be parsed to get:

  • oauth_token
  • oauth_token_secret
  • oauth_expires_in
  • xoauth_request_auth_url
  • oauth_callback_confirmed


3. Get user permission to access their data

To access any data form any of the user’s account, user’s explicit permission is required. To get this permission, we need to redirect the user to the url given in xoauth_request_auth_url with some additional parameters.

Your query parameters should be formed something like this:

<xoauth_request_auth_url>&oauth_nonce=<random string>&oauth_timestamp=<current timestamp>&oauth_consumer_key=<your consumer key>&oauth_signature_method=plaintext&oauth_signature=<your shared secret>&oauth_version=1.0&xoauth_lang_pref=en-us&oauth_callback=<your callback url>

Actual request URL would look like following:

https://api.login.yahoo.com/oauth/v2/request_auth?oauth_token=rpfbncv&oauth_nonce=123456800&oauth_timestamp=1257965400&oauth_consumer_key=ef1uGeq4fP9vbnDXQAtlN0IcKvY8RTef0MztKJfBRYacPiuYmQXFdi10DOU3WSDVfn7MQw5basdrn92urX47wlD3F6G4oOA6JHE6&oauth_signature_method=plaintext&oauth_signature=1e782b9c13315e30d2fbac12348942cc9db674f2%26&oauth_version=1.0&xoauth_lang_pref=en-us&oauth_callback=http://mysite.com/callbackurl.aspx

Visiting this URL, user can accept or deny permission to his/her private data. If user permits access to his/her account, an email will be sent to his/her mail account with a link to revoke permission (if required).


4. Get an Access Token

Once the user has given permission for your app to access their data, all callback will be made back to your application in the following format:

<your callback url>?oauth_token=<request token>&oauth_verifier=<verifier> eg http://mysite.com/callbackurl.aspx?oauth_token=rpfbncv&oauth_verifier=burykq

Using the oauth_verifier parameter from above, and the oauth_token and oauth_token_secret (obtained in Step 2), request an access token, like this:

https://api.login.yahoo.com/oauth/v2/get_token?oauth_consumer_key=<your consumer key>&oauth_signature_method=plaintext&oauth_version=1.0&oauth_verifier=<oauth_verifier>&oauth_token=<request_token>&oauth_nonce=<random string>&oauth_timestamp=<current timestamp>&oauth_signature=<your consumer secret>%26<request token secret>
eg
https://api.login.yahoo.com/oauth/v2/get_token?oauth_consumer_key=ef1uGeq4fP9vbnDXQAtlN0IcKvY8RTef0MztKJfBRYacPiuYmQXFdi10DOU3WSDVfn7MQw5basdrn92urX47wlD3F6G4oOA6JHE6&oauth_signature_method=PLAINTEXT&oauth_version=1.0&oauth_verifier=burykq&oauth_token=rpfbncv&oauth_nonce=987654321&oauth_timestamp=1257965412&oauth_signature=1e782b9c13315e30d2fbac12348942cc9db674f2%266a72597fdc62131f7167be3f9b4f31e955244bee

The response to this request should be an access token string, something like:

oauth_token=A%3DvVzfAVXKsgHcbN6CCBdkiHFN6dOVXHRp6j_.rp.k8rZGUEC90xB..TVkGkt84PFgY3ju3TR22mG4SmKRQxGZUxg.VHhRs89mhh97wBSwjShz88wljdPupz0..bsTIymGIAlJVosVocNnTwPYLp.UFcCEdFKklYcs.KUDRhdtffP8cLp8dGFzUfWxdwQk45eDAB0e.VJmG5jUc6p_mGvsnappYfoIdzoP13Dz6v3W4Oi8ygW8W10Z.x9aFxL1m4ZkaIWxUm85DxG.yvgNTzi2h5qqhJBbJKP0ZX2tm7DTH7hksWFrMevkJaKwkHgzN3N8bUA3tnW5xii4LAzRb87W8GaSQ27gH4WBX9prNstqw4KtTdvMS9QJw9ckid5w0U1DB25cAniZXimXXybOwaj5u2QHG6zKloGZxFlLhc.wELxOhuymBEuVAwP2s.BWrzTh9QrSopOCeY9SSkEN0fjHZ5jFmaxStgWJQQysDU3JWuor2SvWmOB5I5q2vYCZrL5IYncMofHm6JUWkm5R6NAQt_.kO8wF8ZamiDzCE2iBi91HJlrkCb3.lV804Xs7M4sbD_MHa3UV7x7iw6XEhLjctD8al0BGVjooKYaxObrBygTTtngdtkXZSxJI.hLfcAo3TymujkAfycVGSscHAl_IeEvNUIJnOX4jB1dDdzfoSk_83rFiCLsRasRjxLHv.o.ltfoUVpL4fL_1cP2rwh2Drxvpwup1dReSr2GtSsbGig--&oauth_token_secret=6a72597fdc62131f7167be3f9b4f31e955244bee&oauth_expires_in=3600&oauth_session_handle=AMCJ2ErlG6YUqJHjxodfAPUCkzzz40sQGTA7LLwgZ1WLBVxZ3wosI_Y-&oauth_authorization_expires_in=889514663&xoauth_yahoo_guid=X2OMIMDRXITPDF7UFO5QGPYSZY

From which you can extract:

  • oauth_token
  • oauth_token_secret
  • oauth_expires_in
  • oauth_session_handle
  • oauth_authorization_expires_in
  • xoauth_yahoo_guid


5. Create the request for Delicious

Calling the Delicious API is performed in three steps:

  1. Building the “Base String”
  2. Generate the signature
  3. Make the delicious API call


a. Building the “Base String”

At his point, we have all the necessary information to call the delicious API. But building the request with required parameters is really tricky and 90% of the developers got stuck here. So carefully follow each word of the instructions written below.

Suppose we need to call API http://api.del.icio.us/v2/posts/suggest to get suggestions for http://www.yahoo.com/ eg the full request url is http://api.del.icio.us/v2/posts/suggest?url=http://www.yahoo.com/.

At frist, build a base string as instructed below:

  1. Take all the request parameters that you want to send to the API. In our case, this will be:
    • the url
    • oauth_consumer_key
    • oauth_nonce
    • oauth_signature_method
    • oauth_timestamp
    • oauth_token
    • oauth_version

    Then sort these parameters alphabetically, url encode each of the values and build a string of the format:

    <param1>=<value1>&<param2=<value2>&...&<paramN>=<valueN>
    eg
    oauth_consumer_key=ef1uGeq4fP9vbnDXQAtlN0IcKvY8RTef0MztKJfBRYacPiuYmQXFdi10DOU3WSDVfn7MQw5basdrn92urX47wlD3F6G4oOA6JHE6&oauth_nonce=613149020&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1257971461&oauth_token=A%3DvVzfAVXKsgHcbN6CCBdkiHFN6dOVXHRp6j_.rp.k8rZGUEC90xB..TVkGkt84PFgY3ju3TR22mG4SmKRQxGZUxg.VHhRs89mhh97wBSwjShz88wljdPupz0..bsTIymGIAlJVosVocNnTwPYLp.UFcCEdFKklYcs.KUDRhdtffP8cLp8dGFzUfWxdwQk45eDAB0e.VJmG5jUc6p_mGvsnappYfoIdzoP13Dz6v3W4Oi8ygW8W10Z.x9aFxL1m4ZkaIWxUm85DxG.yvgNTzi2h5qqhJBbJKP0ZX2tm7DTH7hksWFrMevkJaKwkHgzN3N8bUA3tnW5xii4LAzRb87W8GaSQ27gH4WBX9prNstqw4KtTdvMS9QJw9ckid5w0U1DB25cAniZXimXXybOwaj5u2QHG6zKloGZxFlLhc.wELxOhuymBEuVAwP2s.BWrzTh9QrSopOCeY9SSkEN0fjHZ5jFmaxStgWJQQysDU3JWuor2SvWmOB5I5q2vYCZrL5IYncMofHm6JUWkm5R6NAQt_.kO8wF8ZamiDzCE2iBi91HJlrkCb3.lV804Xs7M4sbD_MHa3UV7x7iw6XEhLjctD8al0BGVjooKYaxObrBygTTtngdtkXZSxJI.hLfcAo3TymujkAfycVGSscHAl_IeEvNUIJnOX4jB1dDdzfoSk_83rFiCLsRasRjxLHv.o.ltfoUVpL4fL_1cP2rwh2Drxvpwup1dReSr2GtSsbGig--&oauth_version=1.0&url=http%3A%2F%2Fwww.yahoo.com%2F

  2. Combine the request parameters with the HTTP Method being used (usually GET or POST), and the API url:<method>&<api url>&<request parameters>

    Note: the <api url> and the <request parameters> must be url encoded. Though we url encoded all the parameter values separately in the last step, we need to url encode them combining the key/value pairs.

    eg
    GET&http%3A%2F%2Fapi.del.icio.us%2Fv2%2Fposts%2Fsuggest&oauth_consumer_key%3Def1uGeq4fP9vbnDXQAtlN0IcKvY8RTef0MztKJfBRYacPiuYmQXFdi10DOU3WSDVfn7MQw5basdrn92urX47wlD3F6G4oOA6JHE6%26oauth_nonce%3D613149020%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1257971461%26oauth_token%3DA%253DvVzfAVXKsgHcbN6CCBdkiHFN6dOVXHRp6j_.rp.k8rZGUEC90xB..TVkGkt84PFgY3ju3TR22mG4SmKRQxGZUxg.VHhRs89mhh97wBSwjShz88wljdPupz0..bsTIymGIAlJVosVocNnTwPYLp.UFcCEdFKklYcs.KUDRhdtffP8cLp8dGFzUfWxdwQk45eDAB0e.VJmG5jUc6p_mGvsnappYfoIdzoP13Dz6v3W4Oi8ygW8W10Z.x9aFxL1m4ZkaIWxUm85DxG.yvgNTzi2h5qqhJBbJKP0ZX2tm7DTH7hksWFrMevkJaKwkHgzN3N8bUA3tnW5xii4LAzRb87W8GaSQ27gH4WBX9prNstqw4KtTdvMS9QJw9ckid5w0U1DB25cAniZXimXXybOwaj5u2QHG6zKloGZxFlLhc.wELxOhuymBEuVAwP2s.BWrzTh9QrSopOCeY9SSkEN0fjHZ5jFmaxStgWJQQysDU3JWuor2SvWmOB5I5q2vYCZrL5IYncMofHm6JUWkm5R6NAQt_.kO8wF8ZamiDzCE2iBi91HJlrkCb3.lV804Xs7M4sbD_MHa3UV7x7iw6XEhLjctD8al0BGVjooKYaxObrBygTTtngdtkXZSxJI.hLfcAo3TymujkAfycVGSscHAl_IeEvNUIJnOX4jB1dDdzfoSk_83rFiCLsRasRjxLHv.o.ltfoUVpL4fL_1cP2rwh2Drxvpwup1dReSr2GtSsbGig--%26oauth_version%3D1.0%26url%3Dhttp%253A%252F%252Fwww.yahoo.com%252F

Note: Here always the confusion arises which parameters to include in the base string and which not. Actually you need to include all the parameters both oauth’s ones (like oauth_consumer_key,  oauth_token etc.) and requested API’s ones (url for this example). If API url contains no parameter (eg http://api.del.icio.us/v2/posts/) then only oauth’s parameters will do and if  the API url (eg http://api.del.icio.us/v2/posts/get?tag=programming&dt=2010-04-10T15:10:56Z) contains more parameters (eg tag and dt in this case) these also need to be included in the base string. FYI – date parameter’s (eg dt) value must be universal time and should be formatted as yyyy-MM-ddTHH:mm:ssZ.


b. Generate the signature

This step is very critical and prone to make more mistakes. Anyway, in this step you need to create a signature using HMAC-SHA1 signature algorithm.

In PHP you can build this signature very easily as code shown below:

<?php $signature = base64_encode(hash_hmac(‘sha1′, <base string>, <shared secret>.’&’.<access token secret>, true)); ?>

eg

<?php $signature = base64_encode(hash_hmac('sha1', GET&http%3A%2F%2Fapi.del.icio.us%2Fv2%2Fposts%2Fsuggest&oauth_consumer_key%3Def1uGeq4fP9vbnDXQAtlN0IcKvY8RTef0MztKJfBRYacPiuYmQXFdi10DOU3WSDVfn7MQw5basdrn92urX47wlD3F6G4oOA6JHE6%26oauth_nonce%3D613149020%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1257971461%26oauth_token%3DA%253DvVzfAVXKsgHcbN6CCBdkiHFN6dOVXHRp6j_.rp.k8rZGUEC90xB..TVkGkt84PFgY3ju3TR22mG4SmKRQxGZUxg.VHhRs89mhh97wBSwjShz88wljdPupz0..bsTIymGIAlJVosVocNnTwPYLp.UFcCEdFKklYcs.KUDRhdtffP8cLp8dGFzUfWxdwQk45eDAB0e.VJmG5jUc6p_mGvsnappYfoIdzoP13Dz6v3W4Oi8ygW8W10Z.x9aFxL1m4ZkaIWxUm85DxG.yvgNTzi2h5qqhJBbJKP0ZX2tm7DTH7hksWFrMevkJaKwkHgzN3N8bUA3tnW5xii4LAzRb87W8GaSQ27gH4WBX9prNstqw4KtTdvMS9QJw9ckid5w0U1DB25cAniZXimXXybOwaj5u2QHG6zKloGZxFlLhc.wELxOhuymBEuVAwP2s.BWrzTh9QrSopOCeY9SSkEN0fjHZ5jFmaxStgWJQQysDU3JWuor2SvWmOB5I5q2vYCZrL5IYncMofHm6JUWkm5R6NAQt_.kO8wF8ZamiDzCE2iBi91HJlrkCb3.lV804Xs7M4sbD_MHa3UV7x7iw6XEhLjctD8al0BGVjooKYaxObrBygTTtngdtkXZSxJI.hLfcAo3TymujkAfycVGSscHAl_IeEvNUIJnOX4jB1dDdzfoSk_83rFiCLsRasRjxLHv.o.ltfoUVpL4fL_1cP2rwh2Drxvpwup1dReSr2GtSsbGig--%26oauth_version%3D1.0%26url%3Dhttp%253A%252F%252Fwww.yahoo.com%252F, 1e782b9c13315e30d2fbac12348942cc9db674f2.'&'.6a72597fdc62131f7167be3f9b4f31e955244bee, true)); ?>

This will result in the following string:
QAnF8ETJ0znTvcxBEb+MJoFicmQ=

In C#, you can also achieve this as code shown below:

HMACSHA1 hmacsha1 = new HMACSHA1();
hmacsha1.Key = Encoding.ASCII.GetBytes(string.Format("{0}&{1}", UrlEncode(), UrlEncode()));
string signature = Convert.ToBase64String(hashAlgorithm.ComputeHash(System.Text.Encoding.ASCII.GetBytes(data)));

Using c#, here you cannot directly use HttpUtility.UrlEncode() function as it encodes special characters like “/,\,:” etc. to lower case format like “%2f,%5c,%3a” whereas OAuth expects url encoding in upper case format like “%2F,%5C,%3A”. This issue needs to be considered while URL encoding.


c. Make the delicious API call

Finally, we are at the point of making a request to Delicious.

First, we need to create an Authorization Header to send in the request. To do this, take the parameters we used to generate the Base String, remove any parameters that were part of the actual API request (in our case “url”), and then ADD the signature we just generated in Stage 5b as an oauth_signature parameter. All parameters are then joined together in a comma separated string:

eg

Authorization: OAuth realm="yahooapis.com",oauth_consumer_key="ef1uGeq4fP9vbnDXQAtlN0IcKvY8RTef0MztKJfBRYacPiuYmQXFdi10DOU3WSDVfn7MQw5basdrn92urX47wlD3F6G4oOA6JHE6",oauth_nonce="613149020",oauth_signature_method="HMAC-SHA1",oauth_timestamp="1257971461",oauth_token="A%3DvVzfAVXKsgHcbN6CCBdkiHFN6dOVXHRp6j_.rp.k8rZGUEC90xB..TVkGkt84PFgY3ju3TR22mG4SmKRQxGZUxg.VHhRs89mhh97wBSwjShz88wljdPupz0..bsTIymGIAlJVosVocNnTwPYLp.UFcCEdFKklYcs.KUDRhdtffP8cLp8dGFzUfWxdwQk45eDAB0e.VJmG5jUc6p_mGvsnappYfoIdzoP13Dz6v3W4Oi8ygW8W10Z.x9aFxL1m4ZkaIWxUm85DxG.yvgNTzi2h5qqhJBbJKP0ZX2tm7DTH7hksWFrMevkJaKwkHgzN3N8bUA3tnW5xii4LAzRb87W8GaSQ27gH4WBX9prNstqw4KtTdvMS9QJw9ckid5w0U1DB25cAniZXimXXybOwaj5u2QHG6zKloGZxFlLhc.wELxOhuymBEuVAwP2s.BWrzTh9QrSopOCeY9SSkEN0fjHZ5jFmaxStgWJQQysDU3JWuor2SvWmOB5I5q2vYCZrL5IYncMofHm6JUWkm5R6NAQt_.kO8wF8ZamiDzCE2iBi91HJlrkCb3.lV804Xs7M4sbD_MHa3UV7x7iw6XEhLjctD8al0BGVjooKYaxObrBygTTtngdtkXZSxJI.hLfcAo3TymujkAfycVGSscHAl_IeEvNUIJnOX4jB1dDdzfoSk_83rFiCLsRasRjxLHv.o.ltfoUVpL4fL_1cP2rwh2Drxvpwup1dReSr2GtSsbGig--",oauth_version="1.0",oauth_signature="QAnF8ETJ0znTvcxBEb%2BMJoFicmQ%3D"

In c# we can add the header in the web request object as the code follows:

webRequest.Headers.Add("Authorization", "OAuth realm=\"yahooapis.com\",oauth_consumer_key=\"ef1uGeq4fP9vbnDXQAtlN0IcKvY8RTef0MztKJfBRYacPiuYmQXFdi10DOU3WSDVfn7MQw5basdrn92urX47wlD3F6G4oOA6JHE6\",oauth_nonce=\"613149020\",oauth_signature_method=\"HMAC-SHA1\",oauth_timestamp=\"1257971461\",oauth_token=\"A%3DvVzfAVXKsgHcbN6CCBdkiHFN6dOVXHRp6j_.rp.k8rZGUEC90xB..TVkGkt84PFgY3ju3TR22mG4SmKRQxGZUxg.VHhRs89mhh97wBSwjShz88wljdPupz0..bsTIymGIAlJVosVocNnTwPYLp.UFcCEdFKklYcs.KUDRhdtffP8cLp8dGFzUfWxdwQk45eDAB0e.VJmG5jUc6p_mGvsnappYfoIdzoP13Dz6v3W4Oi8ygW8W10Z.x9aFxL1m4ZkaIWxUm85DxG.yvgNTzi2h5qqhJBbJKP0ZX2tm7DTH7hksWFrMevkJaKwkHgzN3N8bUA3tnW5xii4LAzRb87W8GaSQ27gH4WBX9prNstqw4KtTdvMS9QJw9ckid5w0U1DB25cAniZXimXXybOwaj5u2QHG6zKloGZxFlLhc.wELxOhuymBEuVAwP2s.BWrzTh9QrSopOCeY9SSkEN0fjHZ5jFmaxStgWJQQysDU3JWuor2SvWmOB5I5q2vYCZrL5IYncMofHm6JUWkm5R6NAQt_.kO8wF8ZamiDzCE2iBi91HJlrkCb3.lV804Xs7M4sbD_MHa3UV7x7iw6XEhLjctD8al0BGVjooKYaxObrBygTTtngdtkXZSxJI.hLfcAo3TymujkAfycVGSscHAl_IeEvNUIJnOX4jB1dDdzfoSk_83rFiCLsRasRjxLHv.o.ltfoUVpL4fL_1cP2rwh2Drxvpwup1dReSr2GtSsbGig--\",oauth_version=\"1.0\",oauth_signature=\"QAnF8ETJ0znTvcxBEb%2BMJoFicmQ%3D\"");

We then add this header to our request that we are making for http://api.del.icio.us/v2/posts/suggest?url=http://www.yahoo.com/ and should get the expected response.

6. Refresh Access Token for future API calls without authorization

The access token obtained in step 4 remains valid for only 1 hour. So what happens after that period? Do you want to get authorization (by putting yahoo user id and password) again and again? What if you are writing a console application that will send updates of a delicious account to the subscribers at a regular interval? Well, don’t panic. A very feasible way is there.
You need to refresh the access token (using the expired token) to make subsiquent API calls.

The request url will look something like:


https://api.login.yahoo.com/oauth/v2/get_token?oauth_nonce=3423rw3d&oauth_consumer_key=ef1uGeq4fP9vbnDXQAtlN0IcKvY8RTef0MztKJfBRYacPiuYmQXFdi10DOU3WSDVfn7MQw5basdrn92urX47wlD3F6G4oOA6JHE6&oauth_signature_method=plaintext&oauth_signature=55d4cf6bf417023ce5dcc3b77132fb021cd13b21abcdef%264asf4rklwefsadlkfs325fasfdsdwfr3osferw3f&oauth_version=1.0&oauth_token=A%3DvVzfAVXKsgHcbN6CCBdkiHFN6dOVXHRp6j_.rp.k8rZGUEC90xB..TVkGkt84PFgY3ju3TR22mG4SmKRQxGZUxg.VHhRs89mhh97wBSwjShz88wljdPupz0..bsTIymGIAlJVosVocNnTwPYLp.UFcCEdFKklYcs.KUDRhdtffP8cLp8dGFzUfWxdwQk45eDAB0e.VJmG5jUc6p_mGvsnappYfoIdzoP13Dz6v3W4Oi8ygW8W10Z.x9aFxL1m4ZkaIWxUm85DxG.yvgNTzi2h5qqhJBbJKP0ZX2tm7DTH7hksWFrMevkJaKwkHgzN3N8bUA3tnW5xii4LAzRb87W8GaSQ27gH4WBX9prNstqw4KtTdvMS9QJw9ckid5w0U1DB25cAniZXimXXybOwaj5u2QHG6zKloGZxFlLhc.wELxOhuymBEuVAwP2s.BWrzTh9QrSopOCeY9SSkEN0fjHZ5jFmaxStgWJQQysDU3JWuor2SvWmOB5I5q2vYCZrL5IYncMofHm6JUWkm5R6NAQt_.kO8wF8ZamiDzCE2iBi91HJlrkCb3.lV804Xs7M4sbD_MHa3UV7x7iw6XEhLjctD8al0BGVjooKYaxObrBygTTtngdtkXZSxJI.hLfcAo3TymujkAfycVGSscHAl_IeEvNUIJnOX4jB1dDdzfoSk_83rFiCLsRasRjxLHv.o.ltfoUVpL4fL_1cP2rwh2Drxvpwup1dReSr2GtSsbGig--&oauth_timestamp=1204762971&oauth_session_handle=ALKVBsl8DHR1rsAHSwTmAxYIsIGs3l31syRaA_aaF.RDs.MknmVM4P

All the request parameters are described below:

Request Parameter Description
oauth_nonce A random string
oauth_consumer_key Consumer Key provided to you when you sign up on the registration
page.
oauth_signature_method The signature method that you use to sign the request. This can be PLAINTEXT
or HMAC-SHA1.
oauth_signature The concatenated Shared Secret (Consumer Secret) and Token Secret separated by
an “&” character.
oauth_timestamp Current timestamp of the request. This value
must be +-600 seconds of the current time.
oauth_version OAuth version (1.0).
oauth_token The expired Access Token.
oauth_session_handle The persistent credential used by Yahoo! to identify the Consumer after a
User has authorized access to private data. Include this credential in your request
to refresh the Access Token once it expires.

Delicious API will return all the results in xml format. You need to format it as per your requirement.

If you are still in confusion in any step, don’t worry,  a full example project is available at http://www.codeproject.com/KB/cs/Delicious-OAuth-API.aspx.

Hope this will help.

(In this article I mainly followed and used some texts and code samples from http://delicious.com/help/oauthapi, Delicious.Net and LinkedinOauth).

<?php $signature = base64_encode(hash_hmac(‘sha1’, GET&http%3A%2F%2Fapi.del.icio.us%2Fv2%2Fposts%2Fsuggest&oauth_consumer_key%3Def1uGeq4fP9vbnDXQAtlN0IcKvY8RTef0MztKJfBRYacPiuYmQXFdi10DOU3WSDVfn7MQw5basdrn92urX47wlD3F6G4oOA6JHE6%26oauth_nonce%3D613149020%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1257971461%26oauth_token%3DA%253DvVzfAVXKsgHcbN6CCBdkiHFN6dOVXHRp6j_.rp.k8rZGUEC90xB..TVkGkt84PFgY3ju3TR22mG4SmKRQxGZUxg.VHhRs89mhh97wBSwjShz88wljdPupz0..bsTIymGIAlJVosVocNnTwPYLp.UFcCEdFKklYcs.KUDRhdtffP8cLp8dGFzUfWxdwQk45eDAB0e.VJmG5jUc6p_mGvsnappYfoIdzoP13Dz6v3W4Oi8ygW8W10Z.x9aFxL1m4ZkaIWxUm85DxG.yvgNTzi2h5qqhJBbJKP0ZX2tm7DTH7hksWFrMevkJaKwkHgzN3N8bUA3tnW5xii4LAzRb87W8GaSQ27gH4WBX9prNstqw4KtTdvMS9QJw9ckid5w0U1DB25cAniZXimXXybOwaj5u2QHG6zKloGZxFlLhc.wELxOhuymBEuVAwP2s.BWrzTh9QrSopOCeY9SSkEN0fjHZ5jFmaxStgWJQQysDU3JWuor2SvWmOB5I5q2vYCZrL5IYncMofHm6JUWkm5R6NAQt_.kO8wF8ZamiDzCE2iBi91HJlrkCb3.lV804Xs7M4sbD_MHa3UV7x7iw6XEhLjctD8al0BGVjooKYaxObrBygTTtngdtkXZSxJI.hLfcAo3TymujkAfycVGSscHAl_IeEvNUIJnOX4jB1dDdzfoSk_83rFiCLsRasRjxLHv.o.ltfoUVpL4fL_1cP2rwh2Drxvpwup1dReSr2GtSsbGig–%26oauth_version%3D1.0%26url%3Dhttp%253A%252F%252Fwww.yahoo.com%252F, 1e782b9c13315e30d2fbac12348942cc9db674f2.’&’.6a72597fdc62131f7167be3f9b4f31e955244bee, true)); ?>

Read Full Post »