SmugMug API
BETA
Tutorial
- Getting an API Key
- Your First API Request
- Making changes
- Getting results in pages
- Authorization with OAuth 1.0a
API Concepts
Advanced Topics
- Optimizing response sizes
- Expanding related data
- Configuring expansions
- Rate Limits
- Method and Content Overrides
- Performance Metrics
- Multi-get
- Options requests
Live API Browser
Reference
Authorization with OAuth 1.0a
If you are unfamiliar with OAuth, we recommend that you read this guide first. SmugMug currently supports OAuth 1.0a.
The specifics
| OAuth spec | 1.0a |
| Request token URL | https://api.smugmug.com/services/oauth/1.0a/getRequestToken |
| User authorization URL | https://api.smugmug.com/services/oauth/1.0a/authorize |
| Access token URL | https://api.smugmug.com/services/oauth/1.0a/getAccessToken |
| Signature methods | HMAC-SHA1 or PLAINTEXT (https only) |
| Request token expiration | 5 minutes; single-use only |
| Access token expiration | never (unless revoked by the user) |
Request token URL options
| oauth_callback=https://your-app.example | To send the user back to your app automatically |
| oauth_callback=oob | When redirecting back to your app is not possible, use this option to present the user with a six-digit verification code which they can enter into your app |
Authorization URL options
| Parameter | Values | Default | Description |
|---|---|---|---|
| Access | Full or Public | Public | To change what data your app can see |
| Permissions | Read, Add, or Modify | Read | To change what your app can do with the data |
| allowThirdPartyLogin | 0 or 1 | 0 | To allow use of third-party logins (like Facebook) |
| showSignUpButton | true or false | true | To display the sign-up button on the login page |
| username | A string | None | To pre-populate the email/nickname field |
| viewportScale | A float between 0.0 and 1.0 | 0.0 | Scale factor for mobile devices to inject into the viewport meta tag |
Frequently Asked Questions
If you are having trouble with OAuth, please consult this list of frequently-asked questions.
The authorization workflow (for web-based applications)
- Obtain a request token
- Redirect the user to the authorization URL
- The user logs in to SmugMug
- The user is presented with a request to authorize your app
- If the user accepts, they will be redirected back to your app, with a verification code embedded in the request
- Use the verification code to obtain an access token
The authorization workflow (for non-web-based applications)
- Obtain a request token
- Show the authorization URL to the user
- The user goes to the authorization URL in a web browser and logs in to SmugMug
- The user is presented with a request to authorize your app
- If the user accepts, they will be given a six-digit verification code to enter into your app
- The user enters the verification code into your app
- Use the verification code to obtain an access token
End of the tutorial
This is the end of the tutorial. Start building great apps! Or, if you want to learn more, check out the Advanced Topics in the sidebar.