POST oauth/request_token

Updated on Tue, 2012-09-04 21:00

Allows a Consumer application to obtain an OAuth Request Token to request user authorization. This method fulfills Section 6.1 of the OAuth 1.0 authentication flow.

It is strongly recommended you use HTTPS for all OAuth authorization steps.

Usage Note: Only ASCII values are accepted for the oauth_nonce

Resource URL


OAuth parameters are not always sent the same way as other parameters. If you're using HTTP-header based OAuth, you shouldn't include oauth_* parameters in the POST body or querystring.

oauth_callback required

For OAuth 1.0a compliance this parameter is required. The value you specify here will be used as the URL a user is redirected to should they approve your application's access to their account. Set this to oob for out-of-band pin mode. This is also how you specify custom callbacks for use in desktop/mobile applications.

Always send an oauth_callback on this step, regardless of a pre-registered callback.

Example Values: http%3A%2F%2Fthemattharris.local%2Fauth.php, twitterclient%3A%2F%2Fcallback

x_auth_access_type optional

Overrides the access level an application requests to a users account. Supported values are read or write. This parameter is intended to allow a developer to register a read/write application but also request read only access when appropriate.

Example Request

Request URL:

Request POST Body:

Authorization Header:
OAuth oauth_nonce="K7ny27JTpKVsTgdyLdDfmQQWVLERj2zAK5BslRsqyw", oauth_callback="", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1300228849", oauth_consumer_key="OqEqJeafRSF11jBMStrZz", oauth_signature="Pc%2BMLdv028fxCErFyi8KXFM%2BddU%3D", oauth_version="1.0"