Voota API Authentication

OAuth is the authentication method implemented to sign requests and identify which client application is accessing to the API, and authenticate users and client applications to allow write-mode operations, such as create reviews.

If you are not familiar with OAuth, you can read this OAuth beginner's guide and the OAuth specification. Also, you can find a lot of libraries that will help you to integrate OAuth in your code.

Inside Voota, registration for OAuth applications is available at  voota.es/oauth/register. There, you can register your application and we will provide you with a consumer key and a consumer secret. This is all you need in your client application to access Voota API.

These are the OAuth backend urls:

• Request Token URL: http:/voota.es/oauth/request_token
• Access Token URL: http://voota.es/oauth/access_token
• Authorize URL: http://voota.es/oauth/authorize

Access modes

Once you have your keys you have to sign or authenticate your requests, depending on the method you are going to call (every method explanation page indicates the access mode).

Read-write mode

If the access mode is read-write you have to get authorization from the users and get a valid access token with which sign the requests as indicated by OAuth specification.

Read-only mode

If the access mode is read-only, you don't have to sign your requests.

About access tokens expiration

Access tokens should never expire. An user's access token will be invalidated if the user explicitly revokes your application's authorization or if Voota suspends your application. If your application is suspended there will be a note on your application page saying that it has been suspended. In either case, your application should be able to handle token revokation gracefully.