Documentation Center

Setting up OAuth authentication on an affiliate website

Set up OAuth authentication on an affiliate website to implement requests that can be authenticated against the Discovery Service.

Procedure

  1. Prior to each Discovery Service request, first do the following POST request to the web service: <protocol>://<servername:portnumber>/token.svc
    where
    • <protocol> is https if you have set up HTTPS for the Discovery Service, or http otherwise
    • <servername:portnumber> identifies the server and port on which the Discovery Service runs (this is the same server and port as the Token Service)

    and in which you specify the following POST parameters:

    • client_id is one of the usernames specified in an Id attribute of an Account element in the Accounts section of the Ambient Data Framework configuration file of the Discovery Service.
    • client_secret is a valid, unencrypted password for that user.

    If the username and password are correct, the Token Service returns a response of content type application/json of the following format (on a single line):

    {"access_token":"HufXeuUt%2FYYElA8SYjJOkUkrXxV9dyXRirmKhjW%2Fb%2FU%3D","expires_in":300}
  2. In your actual Discovery Service request, include this access token by including it in the HTTP header called "Authorization", which should contain the following:
    Bearer HufXeuUt%2FYYElA8SYjJOkUkrXxV9dyXRirmKhjW%2Fb%2FU%3D
  3. You can keep using the access token until it expires. Refer to the expires_in property in the response to the access token request to see how long the current token is still valid.