OAuth Authentication with HTTP routines

Owned by Jonathan Muse
Last updated: Jan 28, 2019
3 min read

Many REST API's require 2 step or OAuth authentication. In order to perform this you would simply need to make two request using the HTTP routines. The first will get the access token and the second will use the token to access the API. Usually, OAuth authentication requires the creation of an API key or secret key just to request the access token.

Step 1: Getting the access token

In this step we will create a function that gets an access token for a service. The specific headers and parameters required are usually specific to the API. And, any API keys, client IDs, or client secrets needs to be obtained by the service provider in order to complete this step. The settings below are just an example:

struct token {
    string access_token;
    string instance_url;
    string id;
    string token_type;
    string issued_at;
    string signature;
}

function authenticate() {

    HttpRequest request;
    
    HttpHeader header = httpCreateHeader("Content-Type", "application/x-www-form-urlencoded");
    request.headers += header;
    header = httpCreateHeader("host", "login.someservice.com");
    request.headers += header;
    header = httpCreateHeader("grant_type", "password");
    request.headers += header;
    
    request.parameters += httpCreateParameter("username", "username");
    request.parameters += httpCreateParameter("password", "password");
    request.parameters += httpCreateParameter("client_id", "3l;akjdgf;lkanjdfg;ljknsdaf;gknjad;jfng'aWD[QOKWFVMV");
    request.parameters += httpCreateParameter("client_secret", "356356767875689");
    
    token apiToken = httpPost("https://somesite/services/oauth2/token", request);
    
    return apiToken.token_type + " " + apiToken.access_token;
}

Step 2: Sending a request

Now that we have a function to obtain the access token we can perform a request as usual. The first step is to call the function and get the value of the access token.

string access_token = authenticate(); //calls function from step 1
HttpRequest request;
HttpHeader auth = httpCreateHeader("Authorization", access_token);
request.headers += auth;

string jsonDataString = httpGet("https://someservice/rest/api/2/getsomething", request);

number statusCode = httpGetStatusCode();
if (statusCode >= 200 && statusCode < 300) {
    runnerLog("Success!");
}
else {
    runnerLog("Uh oh!");
}

Step 3: Parsing the data

Now that data has been received in the form of a string we can convert the data to a struct and work with it.

struct jsonDataStruct {
    string dataElement1;
    string dataElement2;
    string dataElement3;
    string dataElement4;
    string dataElement5;
    date dataCreationDate;
    boolean validData;
}

jsonDataStruct [] data = fromJson(jsonDataString);

for(jsonDataStruct d in data) {
	runnerLog(d.dataElement1);
	runnerLog(d.dataElement2);
	runnerLog(d.dataElement3);
	//etc
}

Putting it all together

The final code would look like this:

struct token {
    string access_token;
    string instance_url;
    string id;
    string token_type;
    string issued_at;
    string signature;
}

struct jsonDataStruct {
    string dataElement1;
    string dataElement2;
    string dataElement3;
    string dataElement4;
    string dataElement5;
    date dataCreationDate;
    boolean validData;
}

function authenticate() {

    HttpRequest request;
    
    HttpHeader header = httpCreateHeader("Content-Type", "application/x-www-form-urlencoded");
    request.headers += header;
    header = httpCreateHeader("host", "login.someservice.com");
    request.headers += header;
    header = httpCreateHeader("grant_type", "password");
    request.headers += header;
    
    request.parameters += httpCreateParameter("username", "username");
    request.parameters += httpCreateParameter("password", "password");
    request.parameters += httpCreateParameter("client_id", "3l;akjdgf;lkanjdfg;ljknsdaf;gknjad;jfng'aWD[QOKWFVMV");
    request.parameters += httpCreateParameter("client_secret", "356356767875689");
    
    token apiToken = httpPost("https://somesite/services/oauth2/token", request);
    
    return apiToken.token_type + " " + apiToken.access_token;
}

string access_token = authenticate(); //calls function from step 1
HttpRequest request;
HttpHeader auth = httpCreateHeader("Authorization", access_token);
request.headers += auth;

string jsonDataString = httpGet("https://someservice/rest/api/2/getsomething", request);

number statusCode = httpGetStatusCode();
if (statusCode >= 200 && statusCode < 300) {
    runnerLog("Success!");
	jsonDataStruct [] data = fromJson(jsonDataString);

	for(jsonDataStruct d in data) {
		runnerLog(d.dataElement1);
		runnerLog(d.dataElement2);
		runnerLog(d.dataElement3);
		//etc
	}
}
else {
    runnerLog("Uh oh!");
}