About Direct Access Token API


Taro KOBAYASHI

Sep 2, 2013, 8:50:23 AM
to beatpo...@googlegroups.com
Hello, I'm trying to use the new APIs.

My application is a CLI application, so I thought the direct access token API fits my demand.
First, the document does not specify the request method.
I've tried GET and POST.

GET:

{"metadata":{"error":"Method Not Allowed","message":null,"request":{}},"results":[]}%                                                           

okay, then POST:

 % curl -d username='<username>' -d password='<password>' https://oauth-api.beatport.com/identity/1/oauth/direct-access-token
{"metadata":{"error":"Access Denied","message":"Invalid timestamp\/nonce combination","request":{}},"results":[]}%                              

It says something about timestamp & nonce. What should I do?
Do I have to encode the POST request like xAuth?

Anyway, the document says: 'Using this authentication method requires special permissions for your API key.'
But where can I set these permissions? Or is it unavailable for ordinary API users?

Cristian George Simion

Sep 2, 2013, 5:47:32 PM
to beatpo...@googlegroups.com
Apparently they are requiring you to encode the POST just like OAuth, but you will also need to include the username and password. The only problem is you will encounter the following message after successfully requesting it:

Access Denied

The API Client does not have the "2-legged-authentication" permission, which is needed to perform this action.

So I would suggest you also email them to request the special permissions for this feature (if they do give them out). I have submitted my request and I will update the post about my progress. I'm also thinking of making an OAuth library for people to use specifically for Beatport (one better documented).

Let me know if you manage to find out anything :)

Taylor Rose

Sep 3, 2013, 10:56:26 AM
to beatpo...@googlegroups.com
Hi Taro,

For a CLI application, you can use our documentation tool to generate an access token for your app: https://oauth-api.beatport.com/docs/
Just use your key & secret and authenticate with a user through the tool and you will see a link in the upper right corner that says `Access Token`. This will allow you to skip the request token step altogether.

Also, in reference to Cristian's suggestion, we only authorize trusted partners with two-legged OAuth since it requires that Beatport users input their username and password in plain text on the 3rd party application. If you do have a legitimate need for two-legged OAuth, I would encourage you to email our API team at a...@beatport.com and we can work with you to find a solution.



Mathias Gran

Sep 3, 2013, 3:44:07 PM
to beatpo...@googlegroups.com
Hi Taro,

There are two concerns:

1) The error "Invalid timestamp/nonce combination" indicates that you haven't made a proper OAuth 1.0 signed request.

Please research OAuth 1.0 libraries in your programming language of choice.

2) The direct-access-token endpoint is not enabled by default for external developers.

You have two options:
2a) Use your API key and secret + your Beatport username and password to authenticate in the documentation tool to reveal an Access Token.

2b) Use the 3-legged authentication workflow.


Mathias Gran
Beatport API Team 
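
Concern 1 in the reply above, as an added example (not code from Beatport or from anyone in this thread): a minimal OAuth 1.0 HMAC-SHA1 signer following RFC 5849 that puts a fresh oauth_nonce and oauth_timestamp on the POST and covers the username and password form fields with the signature. Sending the oauth_* parameters in the Authorization header and the `<...>` placeholder credentials are assumptions; a correctly signed request is still refused unless the API key has the permission discussed in this thread.

```python
import base64, hashlib, hmac, secrets, time
from urllib.parse import quote

URL = "https://oauth-api.beatport.com/identity/1/oauth/direct-access-token"

def pct(value):
    # RFC 5849 section 3.6: everything except unreserved characters is encoded
    return quote(str(value), safe="-._~")

def base_string(method, url, params):
    # url must carry no query string; params holds oauth_* plus form fields
    pairs = sorted((pct(k), pct(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), pct(url), pct(normalized)])

def sign(method, url, params, consumer_secret, token_secret=""):
    # Key is "consumer_secret&token_secret"; the token part is empty
    # when no access token exists yet, as on this endpoint
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    text = base_string(method, url, params).encode()
    return base64.b64encode(hmac.new(key, text, hashlib.sha1).digest()).decode()

def signed_request(method, url, body, consumer_key, consumer_secret,
                   nonce=None, timestamp=None):
    # A server rejects a reused nonce/timestamp pair, so both default to
    # fresh values; they are parameters only so a test can pin them
    oauth = {
        "oauth_consumer_key": consumer_key,
        "oauth_nonce": nonce or secrets.token_hex(16),
        "oauth_signature_method": "HMAC-SHA1",
        "oauth_timestamp": str(timestamp or int(time.time())),
        "oauth_version": "1.0",
    }
    # The signature covers the form fields too, so they cannot be altered
    oauth["oauth_signature"] = sign(method, url, {**oauth, **body},
                                    consumer_secret)
    header = "OAuth " + ", ".join(
        f'{pct(k)}="{pct(v)}"' for k, v in sorted(oauth.items()))
    form = "&".join(f"{pct(k)}={pct(v)}" for k, v in body.items())
    return header, form

if __name__ == "__main__":
    # Placeholder credentials; substitute real values before sending
    header, form = signed_request(
        "POST", URL, {"username": "<username>", "password": "<password>"},
        "<api key>", "<api secret>")
    print("Authorization:", header)
    print(form)
```

The printed header and form body can be passed to curl with `-H` and `--data`; because each run uses a new nonce and timestamp, a captured request cannot simply be sent again.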

will banks

Apr 5, 2014, 5:01:02 AM
to beatpo...@googlegroups.com, mathia...@beatport.com
This is such a convoluted and painful way of using an API.

PHP sample code would be great.