Authenticating an API Request

The Bluestore REST API requests need to be signed using OAuth 2-legged authentication. Each HTTP request must contain the standard OAuth parameters in the 'Authorisation' header or in the query string.


An example request (GET Stock) is shown below. The consumer key is the API Key generated in the enterprise console Remote Application and token is the associated API token.

GET /rest/stock/ HTTP/1.1
Host: 127.0.0.1:9001
Authorization: OAuth realm="https://{bluehub_host}:{rest_api_port}/rest/stock",
oauth_consumer_key="XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
oauth_token="XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
oauth_signature_method="RSA-SHA1",
oauth_timestamp="137131201",
oauth_nonce="7d8f3e4a",
oauth_signature="bYT5CMsGcbgUdFHObYMEfcx6bsw%3D",
 oauth_version="1.0a" 

 The signature should contain the request method (GET or POST), the URL, the full path of the certificate file and the parameter array above (consumer key, token, signature method, timestamp, nonce and version).

HTTP Error Status Codes

If the request fails verification, the server responds with the appropriate HTTP response status code:

400(Bad Request)  
when receiving a request with unsupported parameters, an unsupported signature method, missing parameters, or duplicated protocol parameters.
401(Unauthorized)  
when receiving a request with invalid client credentials, an invalid or expired token, an invalid signature, or an invalid or used nonce.
Have more questions? Submit a request

0 Comments

Article is closed for comments.
Powered by Zendesk