Authorization with OAuth 1.0a

If you are unfamiliar with OAuth, we recommend that you read this guide first. SmugMug currently supports OAuth 1.0a.

The specifics

OAuth spec 1.0a
Request token URL http://api.smugmug.com/services/oauth/1.0a/getRequestToken
User authorization URL http://api.smugmug.com/services/oauth/1.0a/authorize
Access token URL http://api.smugmug.com/services/oauth/1.0a/getAccessToken
Signature methods HMAC-SHA1 or PLAINTEXT (https only)
Request token expiration 5 minutes; single-use only
Access token expiration never (unless revoked by the user)

Request token URL options

oauth_callback=http://your-app.example To send the user back to your app automatically
oauth_callback=oob When redirecting back to your app is not possible, use this option to present the user with a six-digit verification code which they can enter into your app

Authorization URL options

Parameter Values Default Description
Access Full or Public Public To change what data your app can see
Permissions Read, Add, or Modify Read To change what your app can do with the data
allowThirdPartyLogin 0 or 1 0 To allow use of third-party logins (like Facebook)
showSignUpButton true or false true To display the sign-up button on the login page
username A string None To pre-populate the email/nickname field
viewportScale A float between 0.0 and 1.0 0.0 Scale factor for mobile devices to inject into the viewport meta tag

Frequently Asked Questions

If you are having trouble with OAuth, please consult this list of frequently-asked questions.

The authorization workflow (for web-based applications)

Example code!

  1. Obtain a request token
  2. Redirect the user to the authorization URL
  3. The user logs in to SmugMug
  4. The user is presented with a request to authorize your app
  5. If the user accepts, they will be redirected back to your app, with a verification code embedded in the request
  6. Use the verification code to obtain an access token

The authorization workflow (for non-web-based applications)

Example code!

  1. Obtain a request token
  2. Show the authorization URL to the user
  3. The user goes to the authorization URL in a web browser and logs in to SmugMug
  4. The user is presented with a request to authorize your app
  5. If the user accepts, they will be given a six-digit verification code to enter into your app
  6. The user enters the verification code into your app
  7. Use the verification code to obtain an access token

End of the tutorial

This is the end of the tutorial. Start building great apps! Or, if you want to learn more, check out the Advanced Topics in the sidebar.