Public API - OAuth Protocol

OAuth Protocol

The Client-facing API uses the standard OAuth 1.0a flow, with one exception: there is no User Authorization for Consumer Access to Resources, since no data owned by the user is involved. General information on OAuth 1.0a can be found at You can also find information on how to send and sign an OAuth 1.0 request at

OAuth Endpoints

  • Request Credentials (Token):
  • User Authorization:
  • Access Token:

Code Examples

Examples of ForeSee’s OAuth authentication code libraries.

ForeSee’s OAuth 1.0a Flow Description

1. User requests protected Consumer endpoint, such as /currentUser.
2. Decision Point – Is User authenticated?
2.1. If No:
2.1.1. Consumer retrieves request credentials from Services using client credentials.
2.1.2. Consumer attempts to authenticate with request credentials.
2.1.3. Decision Point – Is User logged in already? If No: Consumer redirects to Services login. User logs in using Services (portal) Username and Password. Services authenticates request credentials. Services redirects to Consumer callback URL using authorized credentials. Consumer retrieves token (access) credentials from Services using authorized credentials.
2.2. Consumer returns protected endpoint.
2.3. Consumer requests resource from Services using access credentials.
2.4. Decision Point – Is User authorized?
2.4.1. If Yes: Services returns resource.
2.4.2. If No: Services returns 401 status code.
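
The signing that steps 2.1.1 and 2.3 rely on, as an added example that is not ForeSee's own library code. It follows the RFC 5849 signature base string and assumes the HMAC-SHA1 signature method; the endpoint URLs, credential values and function names are hypothetical placeholders.

```python
import base64, hashlib, hmac
from urllib.parse import quote

# Hypothetical endpoint and credentials, constructed for this example only.
REQUEST_URL = "https://services.example.invalid/oauth/request_token"
CLIENT_KEY, CLIENT_SECRET = "demo-client", "demo-client-secret"

def pct(value):
    """RFC 5849 section 3.6 percent-encoding: only unreserved characters stay literal."""
    return quote(str(value), safe="-._~")

def base_string(method, url, params):
    """Signature base string; url must already be normalized and carry no query string."""
    pairs = sorted((pct(k), pct(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), pct(url), pct(normalized)])

def sign(method, url, params, client_secret, token_secret=""):
    """HMAC-SHA1 keyed with client secret and token secret (empty before a token exists)."""
    key = f"{pct(client_secret)}&{pct(token_secret)}".encode()
    mac = hmac.new(key, base_string(method, url, params).encode(), hashlib.sha1)
    return base64.b64encode(mac.digest()).decode()

def authorization_header(method, url, params, client_secret, token_secret=""):
    """Authorization header value carrying the protocol parameters plus the signature."""
    signed = dict(params, oauth_signature=sign(method, url, params, client_secret, token_secret))
    return "OAuth " + ", ".join(f'{pct(k)}="{pct(v)}"' for k, v in sorted(signed.items()))

def verify(method, url, params, signature, client_secret, token_secret=""):
    """Receiving side: recompute the signature and compare in constant time."""
    expected = sign(method, url, params, client_secret, token_secret)
    return hmac.compare_digest(expected, signature)

def request_credentials_params(nonce, timestamp):
    """Step 2.1.1 parameters, signed with client credentials only. Real requests
    need a fresh random nonce (e.g. secrets.token_hex) and the current time."""
    return {"oauth_consumer_key": CLIENT_KEY, "oauth_nonce": nonce,
            "oauth_signature_method": "HMAC-SHA1", "oauth_timestamp": str(timestamp),
            "oauth_version": "1.0",
            "oauth_callback": "https://consumer.example.invalid/callback"}

if __name__ == "__main__":
    p = request_credentials_params("n0nce123", 1700000000)  # constructed sample values
    print(authorization_header("POST", REQUEST_URL, p, CLIENT_SECRET))
    # Step 2.3: the same routine, now with the access token and its secret.
    p2 = dict(p, oauth_token="demo-access-token"); p2.pop("oauth_callback")
    print(authorization_header("GET", "https://services.example.invalid/resource",
                               p2, CLIENT_SECRET, "demo-token-secret"))
```

Because the token secret is part of the HMAC key, a request signed with the wrong credentials for its step fails verification, which is where the 401 in step 2.4.2 comes from on the signature side.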

ForeSee’s OAuth 1.0a Flow Illustration

