Looks like the Great Firewall or something like it is preventing you from completely loading www.skritter.com because it is hosted on Google App Engine, which is periodically blocked. Try instead our mirror:
This might also be caused by an internet filter, such as SafeEyes. If you have such a filter installed, try adding appspot.com to the list of allowed domains.
Authentication is handled through OAuth 2.0. Generally speaking, your service, the client, directs the user to Skritter where they authorize your access to their data, and then information is redirected back to the client so you can fetch data through the API.
OAuth is a way for you (the client) to get access to someone else's data (the user).
The recommended, and most secure, way of doing this is to send the user from your website to Skritter's. Our website checks with them to make sure they want to give you access, and if they agree, we redirect them back to your website with a code. Your client then immediately uses this code to get a token from our server which you then provide for any API request.
There are a few alternative paths to getting a token:
Once you have a token, include it as the "bearer_token" parameter for any request, or in an HTTP header. That's all you need, going forward, as well as perhaps refreshing it once in a while to make sure you don't have to re-authenticate.
Email team@skritter.com to create a 'client' account for Skritter. This is an otherwise normal account, except that when you log in you will be redirected to a client page where you can access your secret and change your client name, description, and redirect settings.
If you opt for the redirect method, send the user to this page. Responses will be returned based on the values passed in and the client redirect settings.
This method is for all other authorization tasks which don't involve the user in the middle:
When you use the /token request, you need to provide your client secret one way or another. You can include it straight as a POST parameter, or you can include it encoded in an HTTP header. To encode client credentials, use Base64 to encode the string (client-name):(client-secret), then prepend 'basic: ' to that string.
# first redirect your user to https://legacy.skritter.com/api/v0/oauth2/authorize # with the appropriate parameters. # upon their return to the redirect_uri given, # get the code from the GET parameter import json import urllib import urllib2 url = 'https://legacy.skritter.com/api/v0/oauth2/token' # the exact same redirect_uri that was used to get the code REDIRECT_URI = 'https://mysite.com/skritterapi/getcode' OAUTH_CODE = '8eac0f0300e0fb4aa11870055ad932' OAUTH_CLIENT_NAME = 'notherGuy' OAUTH_CLIENT_SECRET = '...' # get from client page params = { 'grant_type': 'authorization_code', 'client_id': OAUTH_CLIENT_NAME, 'client_secret': OAUTH_CLIENT_SECRET, 'redirect_uri': REDIRECT_URI, 'code': OAUTH_CODE, } data = urllib.urlencode(params) request = urllib2.Request(url, data) response = urllib2.urlopen(request) packet = json.loads(response.read()) print packet.get('access_token')
from base64 import b64encode import json import urllib import urllib2 url = 'https://legacy.skritter.com/api/v0/oauth2/token' OAUTH_CLIENT_NAME = 'notherGuy' OAUTH_CLIENT_SECRET = '...' # get from client page USER_NAME = 'notherGuy' # whose account you want access to USER_PASSWORD = '...' # get from user input, don't store it params = { 'grant_type': 'password', 'client_id': OAUTH_CLIENT_NAME, 'username': USER_NAME, 'password': USER_PASSWORD, } credentials = "%s:%s" % (OAUTH_CLIENT_NAME, OAUTH_CLIENT_SECRET) credentials = b64encode(credentials) credentials = "basic %s" % credentials data = urllib.urlencode(params) request = urllib2.Request(url, data) # urllib2 apparently prepends HTTP_, your mileage may vary request.add_header('AUTHORIZATION', credentials) response = urllib2.urlopen(request) packet = json.loads(response.read()) print packet.get('access_token')
Please be aware of security issues which depend on your specific client setup. Some key things to keep in mind: