Regarding OAUTH2 token

141 views
Skip to first unread message

Rohit Choudhary

unread,
Jul 12, 2012, 8:50:51 AM7/12/12
to seesmic-ping-api-...@googlegroups.com
Hi All,

I am working in a project where we are creating app to post using Seesmic Ping. We were using ping.fm before this but currently due to change we decided to implement the new seesmic ping API.

Our problem is that we could not find any  documentation on how to get OAUTH2 Token to call their services.

Any help will appreciate.

George Ionita

unread,
Jul 12, 2012, 10:33:36 AM7/12/12
to seesmic-ping-api-...@googlegroups.com
Hi Rohit,

Thank you for your interest in Ping API. This is the general flow for OAuth2:

1. You open a browser window and redirect the user to this url:

https://api.seesmic.com/oauth/authorize?client_id=<your client id>&redirect_uri=<your callback url&response_type=token

2. The user will see the login interface and will have to enter his username and password

3. When username and password are verified, the broswser window will be redirected to <your callback uri> (which is part of the url above)

4. The access_token you need is appended to <your callback uri>. You should pick it up from here and use it to set the Authorization header for all the subsequent calls to the api made on behalf of the user.

Let us know if you have other questions.

Thanks,
George

--
You received this message because you are subscribed to the Google Groups "Seesmic Ping API Development Group" group.
To view this discussion on the web visit https://groups.google.com/d/msg/seesmic-ping-api-development-group/-/zz6yOMhLNqIJ.
To post to this group, send email to seesmic-ping-api-...@googlegroups.com.
To unsubscribe from this group, send email to seesmic-ping-api-develo...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/seesmic-ping-api-development-group?hl=en.

Rohit Choudhary

unread,
Jul 13, 2012, 1:41:23 AM7/13/12
to seesmic-ping-api-...@googlegroups.com
Thank you for your help. 

We have done upto this, but can you please give us an example on how to call this 

All the URLs require an OAUTH2 token and are available at https://api.seesmic.com/1/

curl -H'Authorization:{token}' https://api.seesmic.com/1/services.json.

after getting the oauth2 token.

Thank you again for your help.

George Ionita

unread,
Jul 13, 2012, 4:14:37 AM7/13/12
to seesmic-ping-api-...@googlegroups.com
What this means is that when you'll make an api call like:


You need to make sure to set the authorization header of the web request to the token you received:

Authorization: <OAUTH2 token>

George

--
You received this message because you are subscribed to the Google Groups "Seesmic Ping API Development Group" group.

Rohit Choudhary

unread,
Jul 13, 2012, 9:19:06 AM7/13/12
to seesmic-ping-api-...@googlegroups.com


On Thursday, July 12, 2012 6:20:51 PM UTC+5:30, Rohit Choudhary wrote:

Rohit Choudhary

unread,
Jul 13, 2012, 9:19:36 AM7/13/12
to seesmic-ping-api-...@googlegroups.com
Hi George,

I a facing problem on getting access_token from  <your callback uri>. Can you suggest me how to get it with php.

Thanks in Advance


On Thursday, July 12, 2012 8:03:36 PM UTC+5:30, George Ionita wrote:
Hi Rohit,

Thank you for your interest in Ping API. This is the general flow for OAuth2:

1. You open a browser window and redirect the user to this url:

https://api.seesmic.com/oauth/authorize?client_id=<your client id>&redirect_uri=<your callback url&response_type=token

2. The user will see the login interface and will have to enter his username and password

3. When username and password are verified, the broswser window will be redirected to <your callback uri> (which is part of the url above)

4. The access_token you need is appended to <your callback uri>. You should pick it up from here and use it to set the Authorization header for all the subsequent calls to the api made on behalf of the user.

Let us know if you have other questions.

Thanks,
George
On Thu, Jul 12, 2012 at 3:50 PM, Rohit Choudhary <rohitch...@sktnetwork.com> wrote:
Hi All,

I am working in a project where we are creating app to post using Seesmic Ping. We were using ping.fm before this but currently due to change we decided to implement the new seesmic ping API.

Our problem is that we could not find any  documentation on how to get OAUTH2 Token to call their services.

Any help will appreciate.

--
You received this message because you are subscribed to the Google Groups "Seesmic Ping API Development Group" group.
To view this discussion on the web visit https://groups.google.com/d/msg/seesmic-ping-api-development-group/-/zz6yOMhLNqIJ.
To post to this group, send email to seesmic-ping-api-development-gr...@googlegroups.com.
To unsubscribe from this group, send email to seesmic-ping-api-development-group+unsubscribe@googlegroups.com.
To post to this group, send email to seesmic-ping-api-development-gr...@googlegroups.com.
To unsubscribe from this group, send email to seesmic-ping-api-development-group+unsubscribe@googlegroups.com.

George Ionita

unread,
Jul 13, 2012, 9:43:34 AM7/13/12
to seesmic-ping-api-...@googlegroups.com
Using php, I assume you have a website that you want to integrate. Here's a virtual scenario:
  1. The user lands in your website at http://www.mysite.com/home.php. From here he can choose to add his Seesmic Ping account by clicking a link or a button.
  2. When the user clicks the link, you redirect him to the authorization link: https://api.seesmic.com/oauth/authorize?client_id=<your client id>&redirect_uri=http://www.mysite.com/callback.php&response_type=token
  3. The user performs authentication on our website (at seesmic.com), then when we authenticate him
  4. Once the user is authenticated, we redirect him to http://www.mysite.com/callback.php?access_token=fsdlkLHkdlasdASL
  5. callback.php is a page on your site that you should implement that just picks up the access_token from the query string, then you can redirect the user back to home.php or a different page on your site
This is a fairly common implementation of OAuth2.

Thanks,
George

To view this discussion on the web visit https://groups.google.com/d/msg/seesmic-ping-api-development-group/-/O9BKKn35yS0J.

To post to this group, send email to seesmic-ping-api-...@googlegroups.com.
To unsubscribe from this group, send email to seesmic-ping-api-develo...@googlegroups.com.

Rohit Choudhary

unread,
Jul 16, 2012, 12:59:12 AM7/16/12
to seesmic-ping-api-...@googlegroups.com
Hi George,

The problem I am facing is that I am getting nothing in $_GET or $_SERVER array, query string comes as null. 
This is the main problem. 

actually link come after successful authentication is: 

I tried with $_GET and $_SERVER but no success.
To post to this group, send email to seesmic-ping-api-development-gro...@googlegroups.com.
On Thursday, July 12, 2012 8:03:36 PM UTC+5:30, George Ionita wrote:
Hi Rohit,

Thank you for your interest in Ping API. This is the general flow for OAuth2:

1. You open a browser window and redirect the user to this url:

https://api.seesmic.com/oauth/authorize?client_id=<your client id>&redirect_uri=<your callback url&response_type=token

2. The user will see the login interface and will have to enter his username and password

3. When username and password are verified, the broswser window will be redirected to <your callback uri> (which is part of the url above)

4. The access_token you need is appended to <your callback uri>. You should pick it up from here and use it to set the Authorization header for all the subsequent calls to the api made on behalf of the user.

Let us know if you have other questions.

Thanks,
George
On Thu, Jul 12, 2012 at 3:50 PM, Rohit Choudhary <rohitch...@sktnetwork.com> wrote:
Hi All,

I am working in a project where we are creating app to post using Seesmic Ping. We were using ping.fm before this but currently due to change we decided to implement the new seesmic ping API.

Our problem is that we could not find any  documentation on how to get OAUTH2 Token to call their services.

Any help will appreciate.

--
You received this message because you are subscribed to the Google Groups "Seesmic Ping API Development Group" group.
To view this discussion on the web visit https://groups.google.com/d/msg/seesmic-ping-api-development-group/-/zz6yOMhLNqIJ.
To post to this group, send email to seesmic-ping-api-development-gro...@googlegroups.com.

--
You received this message because you are subscribed to the Google Groups "Seesmic Ping API Development Group" group.

George Ionita

unread,
Jul 16, 2012, 4:42:32 AM7/16/12
to seesmic-ping-api-...@googlegroups.com
Ok, now I understand what happens and it's actually my fault because I made an important error in explaining how the flow works.

All the steps are accurate with the exception that the access token is not sent back in the query string, but in the callback URI fragment - exactly like what happened in your case. According to the general rule:

Clients are not supposed to send URI-fragments to servers when they retrieve a document, and without help from a local application (see below) fragments do not participate in HTTP redirections.

What it means is that you will not be able to access the "#access_token=IkD85bV-iUgflTSd0KNbrs_Z4IApLpgVjA5dDLH9nhf7V-WI" part of the URI from your server-side Php code.

I suggest adding in the "skt-seesmic/auth.php" page a client-side JavaScript code that takes the fragment from the current URI (you can use location.hash, for instance) and sends it to your server side handler. From the top of my head (although I admit I did not look at any security implications), you can just make an Ajax call (GET or POST) to your auth.php URI where you append the access_token as an query string param that can then be accessed by Php using $_GET

Thanks,
George

To view this discussion on the web visit https://groups.google.com/d/msg/seesmic-ping-api-development-group/-/RsS1J4B1oYsJ.

To post to this group, send email to seesmic-ping-api-...@googlegroups.com.
To unsubscribe from this group, send email to seesmic-ping-api-develo...@googlegroups.com.

Rohit Choudhary

unread,
Jul 16, 2012, 6:43:29 AM7/16/12
to seesmic-ping-api-...@googlegroups.com
Hi George,

Thank you for your reply, It really helped me and I succeed to access the auth token.
Now I can call the services but I am bit confuse that How can I get account info of the users who have authenticated my app.
How can I ask them to give me permission for posting on their twitter,facebook,etc sites. As the documentation does not have all these information.

Please help me regarding this.

Thanks again for your support.  

George Ionita

unread,
Jul 16, 2012, 6:55:53 AM7/16/12
to seesmic-ping-api-...@googlegroups.com
There is a draft documentation available here: https://api.seesmic.com/public-api.html. I strongly recommend you go through all of it (even if it's not complete yet), to help you understand the most important endpoints.

To answer your questions, you can GET /accounts.json, GET /profile.json, GET /services.json.

Once you obtained the access token for the user, there are no other permissions you need to get for posting. Just POST /posts.json with the appropiate JSON payload (examples in the documentation link above) and that's it.

George

To view this discussion on the web visit https://groups.google.com/d/msg/seesmic-ping-api-development-group/-/7lBI33PvTUQJ.

To post to this group, send email to seesmic-ping-api-...@googlegroups.com.
To unsubscribe from this group, send email to seesmic-ping-api-develo...@googlegroups.com.

Rohit Choudhary

unread,
Jul 16, 2012, 9:25:23 AM7/16/12
to seesmic-ping-api-...@googlegroups.com
Hi George,

I successfully tested the API.

Thank you for your immense help. :)

George Ionita

unread,
Jul 16, 2012, 9:47:06 AM7/16/12
to seesmic-ping-api-...@googlegroups.com
You welcome, and always feel free to get back on the forum for any other questions!

Thanks,
George

To view this discussion on the web visit https://groups.google.com/d/msg/seesmic-ping-api-development-group/-/63OULl9r_2MJ.

To post to this group, send email to seesmic-ping-api-...@googlegroups.com.
To unsubscribe from this group, send email to seesmic-ping-api-develo...@googlegroups.com.

Rohit Choudhary

unread,
Jul 17, 2012, 1:59:30 AM7/17/12
to seesmic-ping-api-...@googlegroups.com
Hi George,

Here I am back with another question :). I am building an app through which I want to post on user's social accounts with seesmic ping.
I want to do automatic, ie i will ask users for their ping account credential( They will provide me sure :)) and I will post on their behalf by using Seesmic ping api.

Now some questions comes which are:

If yes then how? Do i need to encrypt my password and user name?

2) IF point 1 can be done then after successful login where the api will redirect me? Will I get auth token from that redirected location same as I am getting manually?
George

George Ionita

unread,
Jul 17, 2012, 4:57:18 AM7/17/12
to seesmic-ping-api-...@googlegroups.com
No, unfortunately this is not possible right now. OAuth2 protocol is specifically designed to ensure that users will only give their username and password to the service they are connecting to.

George

To post to this group, send email to seesmic-ping-api-...@googlegroups.com.
To unsubscribe from this group, send email to seesmic-ping-api-develo...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msg/seesmic-ping-api-development-group/-/NlQEg7ly_GYJ.
For more options, visit https://groups.google.com/groups/opt_out.
 
 

alexander

unread,
Jul 17, 2012, 10:32:09 AM7/17/12
to seesmic-ping-api-...@googlegroups.com
Hi George,

does your last answer mean that seesmic ping api has no support for automatic posting at all?
If true, are you going to implement that? I bought a seesmic pro account few days ago and was going to build an auto-posting app upon it (to replace my ping.fm app).
But what i'm going todo with that seesmic pro account if it even doesn't support auto-posting.


Thanks

Alexander
George

George Ionita

unread,
Jul 17, 2012, 10:53:16 AM7/17/12
to seesmic-ping-api-...@googlegroups.com
No, auto posting *is* supported. Maybe I misunderstood your question. 

Once you obtain the access token for a user, you have full access to our API on his behalf and you can post in the background without asking for his permission, using just that token.

There's just the OAuth/login flow that you cannot do automatically - user needs to personally enter his username and password on our page for you to get the access token. This basically means that the user is trusting you with access to Seesmic Ping API on his behalf. But once that's done, you can use the access token at any time to do automatic posts, for instance, without needing his permission anymore.

Does this clarify the answer?

To post to this group, send email to seesmic-ping-api-...@googlegroups.com.
To unsubscribe from this group, send email to seesmic-ping-api-develo...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msg/seesmic-ping-api-development-group/-/zYocflagl9sJ.

Rohit Choudhary

unread,
Jul 18, 2012, 5:10:14 AM7/18/12
to seesmic-ping-api-...@googlegroups.com
Hi George,

As I can see in your last answer ,You have mentioned that once a user has verified himself then a token generated for him, and by using that token we can post any time.

Now please let us clear, what is the validity period of that access token. Can we store this access token for future posting work? 

Eg for example:

A user first time authenticate himself-> We store his auth token-> By using that auth token we run posting operation cron job time to time .



Alexander
George

--
You received this message because you are subscribed to the Google Groups "Seesmic Ping API Development Group" group.
To post to this group, send email to seesmic-ping-api-development-gr...@googlegroups.com.
To unsubscribe from this group, send email to seesmic-ping-api-development-group+unsubscribe@googlegroups.com.

George Ionita

unread,
Jul 18, 2012, 6:02:17 AM7/18/12
to seesmic-ping-api-...@googlegroups.com
Please find my comments inline, below:

On Wed, Jul 18, 2012 at 12:10 PM, Rohit Choudhary <rohitch...@sktnetwork.com> wrote:
Hi George,

As I can see in your last answer ,You have mentioned that once a user has verified himself then a token generated for him, and by using that token we can post any time.


Yes, that is correct.
 
Now please let us clear, what is the validity period of that access token. Can we store this access token for future posting work? 

Right now, the token is valid for years, but you should not rely on this period or make any assumptions about it. In fact, you should always be prepared for the token to expire or for the user to revoke access for your app to his account. In case this happens, you will no longer be able to use the old access token to post on user's behalf and you should probably notify the user by sending him an email or prompting him to login again.

But yes, you can store it for posting later. This is how our iPhone, Android and Windows clients work.
 

Eg for example:

A user first time authenticate himself-> We store his auth token-> By using that auth token we run posting operation cron job time to time .


Yes, this definitely works. Only that, as I said above, you should be prepared to handle scenarios when the access token is revoked by the user or expires.
 
To post to this group, send email to seesmic-ping-api-...@googlegroups.com.
To unsubscribe from this group, send email to seesmic-ping-api-develo...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msg/seesmic-ping-api-development-group/-/FmuuZ8jScN4J.

Ira Feuerstein

unread,
Jul 26, 2012, 3:01:19 PM7/26/12
to seesmic-ping-api-...@googlegroups.com
I find that this link to get a token doesn't work.


help

George Ionita

unread,
Jul 27, 2012, 3:16:42 AM7/27/12
to seesmic-ping-api-...@googlegroups.com
Hi,

As described above, the first step to get the OAuth token is to redirect the user to an url like:


where you should fill in your client id and callback url.

Thanks,
George

--
You received this message because you are subscribed to the Google Groups "Seesmic Ping API Development Group" group.
To post to this group, send email to seesmic-ping-api-...@googlegroups.com.
To unsubscribe from this group, send email to seesmic-ping-api-develo...@googlegroups.com.

Federico

unread,
Aug 30, 2012, 3:11:55 PM8/30/12
to seesmic-ping-api-...@googlegroups.com
George,

 I'm trying to do what you suggest, but when I navigate to the https://api.seesmic.com/oauth/authorize page with the username I got in the email after registering as the client_id parameter, I get the following message:


The application you are using did not authenticate properly with the Seesmic API. Please try again or let the application's developer know that something went wrong.

What is the client_id I should use?

Thanks,

Federico


On Thursday, July 12, 2012 11:33:36 AM UTC-3, George Ionita wrote:
Hi Rohit,

Thank you for your interest in Ping API. This is the general flow for OAuth2:

1. You open a browser window and redirect the user to this url:

https://api.seesmic.com/oauth/authorize?client_id=<your client id>&redirect_uri=<your callback url&response_type=token

2. The user will see the login interface and will have to enter his username and password

3. When username and password are verified, the broswser window will be redirected to <your callback uri> (which is part of the url above)

4. The access_token you need is appended to <your callback uri>. You should pick it up from here and use it to set the Authorization header for all the subsequent calls to the api made on behalf of the user.

Let us know if you have other questions.

Thanks,
George
On Thu, Jul 12, 2012 at 3:50 PM, Rohit Choudhary <rohitch...@sktnetwork.com> wrote:
Hi All,

I am working in a project where we are creating app to post using Seesmic Ping. We were using ping.fm before this but currently due to change we decided to implement the new seesmic ping API.

Our problem is that we could not find any  documentation on how to get OAUTH2 Token to call their services.

Any help will appreciate.

--
You received this message because you are subscribed to the Google Groups "Seesmic Ping API Development Group" group.
To view this discussion on the web visit https://groups.google.com/d/msg/seesmic-ping-api-development-group/-/zz6yOMhLNqIJ.
To post to this group, send email to seesmic-ping-api-development-gr...@googlegroups.com.
To unsubscribe from this group, send email to seesmic-ping-api-development-group+unsubscribe@googlegroups.com.

Diamond

unread,
Aug 31, 2012, 1:56:51 AM8/31/12
to seesmic-ping-api-...@googlegroups.com
Hello All,

  I just want to know is this FREE API?

Thanks

Abhishek Chand

unread,
Aug 31, 2012, 2:01:34 AM8/31/12
to seesmic-ping-api-...@googlegroups.com
Hi Diamond,

Free plan detail

  • Up to 10 posts per day
  • Up to 3 accounts for posting
  • Free Windows Desktop app
  • Free mobile apps

You can get more information about all plans at   https://seesmic.com/profile/sign_up  


To post to this group, send email to seesmic-ping-api-...@googlegroups.com.
To unsubscribe from this group, send email to seesmic-ping-api-develo...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msg/seesmic-ping-api-development-group/-/b0mi2t2qTDoJ.

For more options, visit https://groups.google.com/groups/opt_out.
 
 



--
Thanks and Regards
Abhishek Singh Chand
SKT Network Technologies Pvt. Ltd.

George Ionita

unread,
Aug 31, 2012, 4:00:15 AM8/31/12
to seesmic-ping-api-...@googlegroups.com
Hi Federico,

You should first make sure you're logged in to https://seesmic.com with the credentials that you provided to obtain the developer key.

Then navigate to https://api.seesmic.com and you should see your application with the details you need.

Thanks,
George

To post to this group, send email to seesmic-ping-api-...@googlegroups.com.
To unsubscribe from this group, send email to seesmic-ping-api-develo...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msg/seesmic-ping-api-development-group/-/yGBL1ELm8y8J.

Federico

unread,
Aug 31, 2012, 10:08:38 AM8/31/12
to seesmic-ping-api-...@googlegroups.com
George,

Thank you for your answer. I didn't know I need to obtain a developer key. I don't know how to obtain one, either. I just signed in to the Seesmic site, but I guess I'm just a regular user there. How can I obtain a developer key?

Thanks,

Federico
George

To post to this group, send email to seesmic-ping-api-development-gro...@googlegroups.com.

--
You received this message because you are subscribed to the Google Groups "Seesmic Ping API Development Group" group.
To post to this group, send email to seesmic-ping-api-development-gr...@googlegroups.com.
To unsubscribe from this group, send email to seesmic-ping-api-development-group+unsubscribe@googlegroups.com.

George Ionita

unread,
Aug 31, 2012, 10:13:23 AM8/31/12
to seesmic-ping-api-...@googlegroups.com
You need to send a request to seesmic...@seesmic.com

You'll get the information you need from there.

To post to this group, send email to seesmic-ping-api-...@googlegroups.com.
To unsubscribe from this group, send email to seesmic-ping-api-develo...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msg/seesmic-ping-api-development-group/-/0QTxvnHwau4J.

Piotr Okoń

unread,
Oct 31, 2012, 9:35:34 AM10/31/12
to seesmic-ping-api-...@googlegroups.com
Message has been deleted

Piotr Okoń

unread,
Oct 31, 2012, 10:20:10 AM10/31/12
to seesmic-ping-api-...@googlegroups.com


W dniu Czwartku, 12 Lipca 2012 14:50:51 UTC +2 Użytkownik Rohit Choudhary napisał:
Witam wszystkich,

Pracuję w projekcie, gdzie tworzymy app Post używając Seesmic Ping. Używaliśmy ping.fm przed tym, ale obecnie ze względu na zmiany zdecydowaliśmy się wdrożyć nowy Seesmic API ping.

Naszym problemem jest to, że nie mogliśmy znaleźć żadnej dokumentacji, jak dostać OAUTH2 token, aby zadzwonić z ich usług.

Każda pomoc będzie docenić.
Reply all
Reply to author
Forward
0 new messages