SMS From Me

Automatically Start One on One SMS Conversations

Getting an Authorization Token Through OAuth

To get an OAuth token you need to send a GET request to the "/oauth" page.

The following shows you a simple shell script to send an OAuth request using curl.

# The APP_KEY will work too, however the scope is limited

OAUTH_TOKEN=`echo $SECRET_KEY:$API_KEY | base64 -w 0`

curl -H "Authorization: Basic $OAUTH_TOKEN" \

What SMS From Me expects is an Authorization tag with the OAuth credentials.

The type of authorization is Basic as required by OAuth.

The authorization token is the Secret Key, a colon character (:), and the Application Key or the API Key (really we expect the API Key, but you can use either keys.) The final string is then encoded using base64.

Note that the base64 encoding is required by the standard. It ensures than any special characters get transformed to just ASCII characters. It would not be required for us since our keys are already only using ASCII characters.

Assuming the OAuth request is successful, you get a JSON object as a reply as follow:

  "access_token": "0123456789abcde0123456789abcde0123456789abcdefff0123456789abcdef",
  "token_type": "Bearer",
  "expires_in": 28800,
  "scope": "/api/1/*"

The "access_token" is what you want to save to send REST requests later. This is your cookie. This token will be used as is (i.e. no further base64 encoding.)

At this time, the "token_type" is always "Bearer". This is the type to be used in the Authorization of REST requests.

The "expires_in" parameter defines how long the OAuth token will live. Note, however, that it gets extended each time you send a REST request. So it may be difficult to know when the token will timeout. That being said, your code should be capable to always request for a new OAuth token to continue to run.

The "scope" is a space separated list of URIs that you have access to with this session. it also shows you the API version you can use. If you log in with your Application Key, then the scope will be very limited. The example above shows you your scope when you use the API Key.

Revoke an OAuth Access Token

Once you are done with an OAuth Access Token, you may want to revoke that token. That will prevent anyone else from using that token.

This is done by accessing the /oauth/revoke path and adding the token in the "token" query string:

Although a POST will work against that URL (in which case the token must be made part of the body of the POST), you are expected to use a GET method.





If you already registered with your email address and needed to re-validate (i.e. the first validation somehow failed) then go to the Validate Page where you can request for a new validation code to be emailed to you.

Login         Register         Get App.

Get My Free Book About SMS Marketing

Hey! Before you leave, make sure to get my freeBook About SMS Marketing. All you have to do is enter your email address and I'll send you a link to this website where you can retrieve your own copy of my free book.

Connect With Us
Google Plus Button
LinkedIn Button
YouTube Button