Applies to ReadyAPI 3.0, last modified on November 19, 2019
OAuth Logo

OAuth is an authorization method used to provide access to resources over the HTTP protocol.


OAuth 1 can be used for authorization of various applications or manual user access.

The general way it works is providing an application with an access token (which represents a user’s permission for the client to access their data) for request authentication.

A sample OAuth flow

Click the image to enlarge it.

OAuth Versions

There are two versions of OAuth authorization: OAuth 2.0 (it uses the HTTPS protocol to pass tokens) and OAuth 1 (it uses HMAC-SHA signature strings).

OAuth 1 Terms

OAuth 1 has a few interacting components:

  • User is a person who wants to get access.
  • Consumer is an application or website that uses OAuth to access the Service Provider.
  • Service Provider is a web application that allows access via OAuth.
  • Protected Resource is the data the user wants to access.


OAuth 1 Authorization uses Request Token and Access Token to get access to the resources on the resource server.

Request Token – a token containing Consumer Key and Consumer Secret used to ask the service for authorization.

Access Token – a token used to access the resource.

See Also

Wikipedia Article: OAuth
OAuth Core 1.0

Highlight search results