Authentication & Authorisation
We use the OAuth 1.0 protocol to authenticate and authorise API operations. A useful library implementing many of the OAuth details can be found here. You can see how to use this library by looking into our sample application.
OAuth requires that access tokens be provided on every call.
Personal use
If you only plan to use your application to access a single Tradevine account, you can generate the tokens in Tradevine as a one-off task by following these steps, and then use the supplied tokens in your API calls. This is by far the simplest way of obtaining credentials to use against our API.
3rd party use
If you plan on your application being used by multiple Tradevine users, you will need to implement 3-legged OAuth in order to obtain access tokens to access their data on their behalf. This involves your site getting temporary credentials by calling the RequestToken endpoint, storing these, then redirecting the user to their Tradevine account, where they will be shown an Allow or Deny prompt. If they click Allow, they will be redirected to the AccessToken endpoint, where a permanent set of credentials (access token and token secret) will be generated and then sent back to your site via the callback URL you specified at the start of the process. Your system then stores these permanent credentials for use on future API calls. Sounds complicated? It can be a little, but there are many examples on the web, in the language of your choice, showing how to do this.
Our authorisation URLs are as follows:
- Request Token Url: https://api.tradevine.com/v1/RequestToken
- Access Token Url: https://api.tradevine.com/v1/AccessToken
- Authorise Url Token: https://nz.tradevine.com/API/v1/Authorise
http or https?
You need to use https in order to call our methods. As of 1 May 2019, we will only accept https connections that use a minimum of TLS 1.2. This is important to ensure another layer of security around our members' private data. If you are having trouble calling our API methods, check that you're using https. If you get errors about ciphers, google how to set TLS 1.2 in the client programming language you are using.
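The first leg of the 3-legged flow (the signed RequestToken call) together with the TLS 1.2 minimum described above, as an added Python example that is not Tradevine's own code. It assumes the HMAC-SHA1 signature method and a POST request, neither of which this page states; the consumer key, consumer secret and callback URL are placeholders.

```python
import base64, hashlib, hmac, secrets, ssl, time
from urllib.parse import quote

REQUEST_TOKEN_URL = "https://api.tradevine.com/v1/RequestToken"  # from this page

def pct(value):
    # RFC 5849 section 3.6: everything except unreserved characters is escaped
    return quote(str(value), safe="-._~")

def signature_base_string(method, url, params):
    # Encode names and values, sort them, then join method, URL and parameters
    pairs = sorted((pct(k), pct(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), pct(url), pct(normalized)])

def sign(base, consumer_secret, token_secret=""):
    # Key is "consumer_secret&token_secret"; the token secret is empty on this leg
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    digest = hmac.new(key, base.encode(), hashlib.sha1).digest()
    return base64.b64encode(digest).decode()

def request_token_header(consumer_key, consumer_secret, callback,
                         nonce=None, timestamp=None):
    params = {
        "oauth_callback": callback,
        "oauth_consumer_key": consumer_key,
        "oauth_nonce": nonce or secrets.token_hex(16),  # unique per request
        "oauth_signature_method": "HMAC-SHA1",          # assumption, see lead-in
        "oauth_timestamp": timestamp or str(int(time.time())),
        "oauth_version": "1.0",
    }
    base = signature_base_string("POST", REQUEST_TOKEN_URL, params)  # POST assumed
    params["oauth_signature"] = sign(base, consumer_secret)
    fields = ", ".join(f'{pct(k)}="{pct(v)}"' for k, v in sorted(params.items()))
    return "OAuth " + fields

def tls12_context():
    # Default context keeps certificate and hostname verification enabled
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # refuse TLS 1.0/1.1 and SSLv3
    return ctx

if __name__ == "__main__":
    # Placeholder credentials and callback; prints the header, no network I/O
    print(request_token_header("CONSUMER_KEY", "CONSUMER_SECRET",
                               "https://example.test/oauth/callback"))
```

Send the returned value as the Authorization header, and pass `tls12_context()` as the `context` argument of `urllib.request.urlopen` so the connection fails rather than negotiating anything below TLS 1.2.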