authentication
the REST API requires user authentication to access or publish data. functionalities on stereomood.com available to logged-in users, such as creating playlists or tagging songs, are similarly protected through the API.
OAuth
OAuth is a token-passing mechanism that allows users to control which applications have access to their data without giving away their passwords. more information on the OAuth specification can be found at oauth.net or in the excellent Beginner’s Guide to OAuth from hueniverse.
registration for OAuth applications is available at /api/apps/register.
access tokens should never expire. a user’s access token will be invalidated if the user explicitly revokes your application’s authorization or if stereomood.com suspends your application.
This is the OAuth flow on stereomood.com:
- the application uses api/oauth/request_token to obtain a request token from stereomood.com.
- the application directs the user to api/oauth/authenticate on stereomood.com.
- after obtaining approval from the user, stereomood.com redirects to the postback url provided by the application.
- the application calls api/oauth/access_token, which will exchange a request_token for an access_token.
- stereomood.com will return an access_token for the application to generate subsequent OAuth signatures.
Desktop/Mobile Clients
If your client can’t use the standard OAuth flow, we have implemented a pin-based experience that uses the following flow:
- the application calls api/oauth/request_token to obtain a request token.
- the application directs the user to api/oauth/authorize.
- after obtaining approval from the user, a page will display a 5-digit pin.
- the user has to copy this pin and return to the application.
- the application will prompt the user to enter the pin from step 4.
- the application uses the pin as the value for the oauth_verifier parameter in a call to api/oauth/access_token, which will verify the pin and exchange a request_token for an access_token.
- stereomood.com will return an access_token for the application to generate subsequent OAuth signatures.
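The signing step that both flows above end with, shown for the pin-based access_token call. This is an added example, not stereomood.com's own code. It assumes OAuth 1.0a with HMAC-SHA1, an HTTPS POST request, and constructed sample keys, tokens and pin; the helper names are hypothetical.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote

# Assumptions (not stated on the page): HTTPS, POST, HMAC-SHA1 signatures.
ACCESS_TOKEN_URL = "https://stereomood.com/api/oauth/access_token"

def pct(value):
    """Percent-encode everything except RFC 3986 unreserved characters."""
    return quote(str(value), safe="-._~")

def base_string(method, url, params):
    """METHOD & encoded URL & encoded, sorted parameter list."""
    pairs = sorted((pct(k), pct(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), pct(url), pct(normalized)])

def sign(method, url, params, consumer_secret, token_secret=""):
    """HMAC-SHA1 over the base string, keyed with both secrets."""
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    mac = hmac.new(key, base_string(method, url, params).encode(), hashlib.sha1)
    return base64.b64encode(mac.digest()).decode()

def pin_exchange_params(consumer_key, request_token, pin, nonce, timestamp):
    """Parameters for the access_token call; the pin travels as oauth_verifier."""
    return {
        "oauth_consumer_key": consumer_key,
        "oauth_token": request_token,
        "oauth_verifier": pin,
        "oauth_signature_method": "HMAC-SHA1",
        "oauth_nonce": nonce,
        "oauth_timestamp": str(timestamp),
        "oauth_version": "1.0",
    }

def verify(method, url, params, signature, consumer_secret, token_secret=""):
    """Receiver-side check: recompute the signature, compare in constant time."""
    expected = sign(method, url, params, consumer_secret, token_secret)
    return hmac.compare_digest(expected, signature)

if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    p = pin_exchange_params("app-key", "reqtok", "12345", "n1", 1286236800)
    sig = sign("POST", ACCESS_TOKEN_URL, p, "app-secret", "reqtok-secret")
    print(base_string("POST", ACCESS_TOKEN_URL, p))
    print("oauth_signature =", sig)
```

Because the pin is part of the signed parameter set, changing it after signing makes the signature check fail, and the secrets themselves are never sent with the request.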
Last edited by Stereomood Tech Team, October 5, 2010
