Authentication

To get access to picplz OAuth key generation, please email your picplz username to api-admins @ picplz.com

Authenticating with the picplz API requires OAuth 2.0.  Please take a look at the documentation for OAuth 2.0 for more information.

1) Create an OAuth key for your application on our site.

Once you have been accepted for write-access and are logged into the picplz.com website, you should be able to go to this URL:
http://picplz.com/apps/

Note: please ensure that your picplz account has a STRONG PASSWORD

On that page you can create a consumer key for your application.

2) Make an OAuth redirect to generate an access token

The way you use our OAuth API depends on what kind of integration you are building.

Web application (Ruby, Python, PHP, Java etc)

1) Re-direct a user that you want to authenticate to this URL:
https://picplz.com/oauth2/authenticate
    ?client_id=YOUR_CLIENT_ID

    &response_type=code
    
&redirect_uri=YOUR_REGISTERED_REDIRECT_URI
2) If the user authenticates, they will get redirected to:
https://YOUR_REGISTERED_REDIRECT_URI/?code=CODE
3) Your code should then make the following request:
https://picplz.com/oauth2/access_token
?client_id=YOUR_CLIENT_ID
&client_secret=YOUR_CLIENT_SECRET
&grant_type=authorization_code
&redirect_uri=YOUR_REGISTERED_REDIRECT_URI
&code=CODE
4) picplz will respond with a token in JSON:
{ access_token: ACCESS_TOKEN }
5) Save the access token in your application.

Pure Javascript application:

1) Redirect a user you wish to authenticate to this URL:
https://picplz.com/oauth2/authenticate
?client_id=CLIENT_ID
&response_type=token
&redirect_uri=YOUR_REGISTERED_REDIRECT_URI
2) If the user authenticates, they will be redirected to:
http://YOUR_REGISTERED_REDIRECT_URI/#access_token=ACCESS_TOKEN
Client application/Mobile app:

We do not currently allow application developers access to exchange a username and password for an OAuth token.  You should send your users through the web application flow above.  If you are including your client_secret in a mobile application, please take steps to obfuscate it.


3) Use your access token in your API calls

When making a call to one of our API methods, add oauth_token=ACCESS_TOKEN as a GET or POST parameter in your request.  All authenticated API calls *MUST* be made over SSL. Note that while all API calls should use a base URL of https://api.picplz.com/, all OAuth authorization flows (calls to obtain a token) should use a base URL of https://picplz.com/.



Comments