Small World Labs

API authentication is handled through the OAuth protocol. Consumer keys and secrets are created and maintained by site administrators using the SWL administration panel. A general overview of the OAuth authentication process can be found here.

To create or modify content as user, you will need to authenticate as that community user with the authorization request (read or write) by obtaining an access token using the following OAuth-standard request URLs:

• Request Token - http://SITENAME/services/2.0/auth.getRequestToken (documentation here)
• User Authorization - http://SITENAME/services/2.0/auth.getUserAuthorization (documentation here)
• Access Token - http://SITENAME/services/2.0/auth.getAccessToken (documentation here)

More information on these OAuth methods can be found here. The only signature method accepted by the SWL OAuth implementation is HMAC-SHA1.

If you are calling an API method that does not require user credentials (and therefore no access token), you must still authenticate using your consumer key and secret, leaving out the access token entirely. The request must still be signed with an empty token secret. This method is described in the OAuth consumer request specification.

Superuser keys

Site administrators can specify a certain consumer to be a "superuser," which allows them to make write calls without first obtaining user authorization.

Superuser calls must specify the parameter authed_user_id as the user ID for methods requiring authentication.