Adding Applications

In order to access the API of a service provider, you need to create an application with that service provider. Creating an application will provide you with a consumer key (also known as API key or application key) and a consumer secret (also known as API secret or application secret).

Creating an application is normally done by logging in to the "developer" community of the service provider, selecting "Create New Application", or the like, and filling out the required information. Let's take a look at how this is done at Twitter:

First, log into http://dev.twitter.com (creating a new account if necessary), click the user name in the top right corner and select "My Applications".

Then, click the "Create a new Application" button.

Fill out the required information, such as the name and description of the application and read through Twitter's terms of service before accepting.

One of the fields in the form is a "Callback URL". This is the URL that Twitter will redirect a user's browser to after she has accepted to let your application interact with her Twitter account on her behalf. This field must be set to the path OAuthCallback under the folder in which the Management Console is deployed. For instance, if running with an embedded Management Console, it runs at http://localhost:50080/. In this case, the callback URL would be specified to http://localhost:50080/OAuthCallback - however, beware that some service providers do not allow a callback URL containing localhost. Twitter is one of those providers, so we will use http://127.0.0.1:50080/OAuthCallback instead.

Alternatively (and this is required by some service providers), you need to specify the hostname or non-loopback IP address of the machine on which you are running the Management Console. Since this page will be loaded by the browser of the authenticating user, this need not be a public hostname or IP address.

After creating the application, we are presented with a summary of the application. We will need to copy some of these values into Management Console, so go ahead an open Management Console in a browser. Note that you should use the same IP address or hostname that was entered as callback URL; in this example we will therefore point our browser to http://127.0.0.1:50080/.

Now, navigate to the OAuth tab, which is a sub-tab of the Repository tab, and click the "New Application" button.

Select a name for the application (which doesn't need to be the same name as what is used when you created the application at the service provider) and select the service provider (in this case Twitter).

The consumer key and consumer secret must be copied from the summary page of the application presented by the service provider.

Enter the same callback URL as you did before and click Save. Some service providers additionally require that you specify a scope; i.e. what parts of the API that a user will authorize the application to access. For instance, when accessing Google, the scope https://www.google.com/analytics/feeds/ must be specified if the application should be allowed to access the Google Analytics Data API. Twitter does not use the scope field, so this will be left blank in our example.

We have now set up an OAuth application in the Management Console.

Note that if you later edit the application, the consumer secret will be displayed as "(encrypted)" for security reasons. To change the consumer secret, simply replace this value in the input field with the new consumer secret; otherwise, leave as-is when editing an application.

Next, we will be adding a user to the application.