Each API method accepts a set of authentication parameters in addition to its stated arguments:
The application key is an opaque string assigned by Eventful which identifies the application making the method call. This is separate from user authentication, which identifies the Eventful user using the application. For example, if Eventful user harry is using a Dashboard widget to display events from a Smart Calendar,
app_key would identify the Dashboard widget and
user_key) would identify the user.
A valid application key is required for any interaction with the Eventful API. Application developers may request an application key from the Eventful API site.
Eventful supports oAuth 1.0 for Eventful API clients to access API resources on behalf of Eventful users.
Your application must first register as an oAuth consumer. To register an application, select [get oAuth consumer] for the application's key at API Application Keys. Your consumer key and consumer secret should be listed under your application key. You will need all three in order to use oAuth.
To access a user's protected resources, that user must first authorize your application. A "User" may be just your App trying to create events, upload images etc that needs authentication. In this case you'll just have to go through the process once and then you'll have your access token. In the case of your app wanting to login with real Eventful users you'll have to do the following once for every user that wants to be authenticated. The process of authorizing an application has three separate steps,
The access token is all your application needs in order to access protected API resources. The access token will not automatically expire, but access can be revoked at any time by the user or Eventful. If the access token is revoked you may repeat the authorization steps to acquire a new access token.
These endpoints handle the authorization process,
The consumer, request token, and access token in this example are for illustration only, they will not work for real requests. Substitute your own consumer to test your client implementation.
We need a consumer key and consumer secret to identify our consumer.
First we need to get a request token from Eventful. We must specify a callback URL which will be used later by the authorization step.
> POST /oauth/request_token?oauth_callback=http%3A%2F%2Fexample.com%2Fcallback&oauth_consumer_key=bafe29a8e561b3d15803&oauth_nonce=1cdb7f498ba9811513f2&oauth_signature=8EfteAvDBuE8MTVBABg2WhXnzY0%3D&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1336765460&oauth_version=1.0 HTTP/1.1 > Host: eventful.com > Accept: */* > < HTTP/1.1 200 OK < Content-length: 102 < Content-Type: text/html; charset=UTF-8 oauth_token=a2f0ff589d81971049f5&oauth_token_secret=b2e399a290de4ddef47b&oauth_callback_confirmed=truev
Now we have a request token.
We must now forward the user's web browser to the authorization endpoint to authorize the request token.
The user will be prompted to authorize the consumer, that is, our application. Once their identity is confirmed and authorization is complete, Eventful redirects the user back to the callback with a
We use the
oauth_verifier to exchange the request token for an access token.
> POST /oauth/access_token?oauth_consumer_key=bafe29a8e561b3d15803&oauth_nonce=02c943977f5c9fd404bd&oauth_signature=K44I4kgqSQL5k05m4MdNP1dLSv4%3D&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1336765614&oauth_token=a2f0ff589d81971049f5&oauth_verifier=18b1274f229e43152a2b&oauth_version=1.0 HTTP/1.1 > Host: eventful.com > Accept: */* > < HTTP/1.1 200 OK < Content-length: 72 < Content-Type: text/html; charset=UTF-8 oauth_token=f1a1b7d55226d2fafd76&oauth_token_secret=2ee984ea96581a99a7a1
Now we have an access token.
We may now request the user's protected resources. In this case, we list their saved locations.
> GET /rest/users/locales/list?app_key=test_key&oauth_consumer_key=bafe29a8e561b3d15803&oauth_nonce=fe639103d4752c844661&oauth_signature=rXMxiIv7fyHcztzdLxW3CLTcaBQ%3D&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1336776486&oauth_token=f1a1b7d55226d2fafd76&oauth_version=1.0 HTTP/1.1 > Host: api.eventful.com > Accept: */* > < HTTP/1.1 200 OK < Content-type: text/xml; charset=utf-8 < Content-length: 12937 <?xml version="1.0" encoding="UTF-8"?> <locales> <locale> <name>San Diego metro area</name> <location_type>metro_id</location_type> <location_id>1</location_id> <modified></modified> </locale> </locales>