<< Back to FrontPage
LiveWork API Authentication
The LiveWork API uses OAuth to authenticate both the client application and the LiveWork user responsible for every API request.
Client Application Registration
The client application is the application submitting requests to the LiveWork API. Before the LiveWork API will return any data from the LiveWork platform, however, a developer of the client application must first register the application with a LiveWork API environment to receive authentication credentials for that environment.
Upon registration, a consumer key and a consumer secret will be generated. The client application must submit the consumer key as a parameter with every request made to the LiveWork API. The consumer secret is used by the client application to generate a request signature which must also be submitted as a parameter with every API request--but remember that the consumer secret is never submitted as a parameter with an API request and the request signature will be different for every API request!
There are currently two separate and independent LiveWork API environments: the LiveWork Sandbox API and the LiveWork Production API.
The LiveWork Sandbox API
The LiveWork Sandbox API is used by developers to test and integrate the LiveWork API into their applications.
To register a client application with the LiveWork Sandbox API, click here.
The LiveWork Production API
The LiveWork Production API is used by developers once testing and integration of the LiveWork API into their applications is complete.
To register a client application with the LiveWork Production API, (coming soon).
LiveWork User Authorization
The LiveWork user is the preexisting user on the LiveWork platform on whose behalf the client application is submitting requests to the LiveWork API. The LiveWork user must authorize the client application and grant it read/write access to the data stored on the LiveWork platform that he/she normally has access to via the LiveWork site itself. There is no such thing as an anonymous request to the LiveWork API.
The process by which the LiveWork user authorizes the client application and grants it access to his/her LiveWork platform data is detailed in Section 6. Authenticating with OAuth of the OAuth Core 1.0 Specification. Roughly, the process works as follows:
- The client application obtains an unauthorized request token.
- The LiveWork user authorizes the request token.
- The client application exchanges the request token for an access token.
Obtaining an Unauthorized Request Token
To obtain an unauthorized request token, the client application must submit a request to the oauth/request_token API method.
Authorizing the Request Token
To authorize the request token, the client application must redirect the LiveWork user to the oauth/authorize API method.
Exchanging the Request Token for an Access Token
To exchange the request token for an access token, the client application must submit a request to the oauth/access_token API method.
LiveWork API Request Authentication
Now that the client application is registered with a LiveWork API environment and a LiveWork user has authorized it to act on his/her behalf, the client application can submit requests to the LiveWork API. The authentication parameters required for each API request are detailed in Section 7. Accessing Protected Resources of the OAuth Core 1.0 Specification.
<< Back to FrontPage
Comments (0)
You don't have permission to comment on this page.