Introduction to ImmoScout24 API Authentication
ImmoScout24 uses OAuth 1.0a to provide authorized access to its APIs. For more detailed information about OAuth, please refer to the OAuth 1.0a core document.
We highly recommend that you use a library to implement the authentication. Please refer to the official list of OAuth 1.0a libraries.
For authentication purposes, your application (in OAuth known as Consumer1 ) uses:
consumer keythat acts as a unique identifier for your application and
consumer secretthat is used as a password for your application.
If you haven't done so yet, please generate your
consumer key and
The ImmoScout24 API expects each API call to go through the authentication process and distinguishes between two types:
Two-legged OAuthis a form of authentication where an application makes API requests without a user context. It requires a
consumer secretonly to sign the request and to authenticate your application. This applies, for instance, to the search resource where an application performs GET requests to our search result list. For more details on how to do two-legged OAuth, please proceed to this section.
Three-legged OAuthis a form of authentication where an application is granted permission by a user to act on behalf of that user2. This requires both a
consumer secret, and an
access token. The
access tokenrepresents the explicit permission of the ImmoScout24 user for your application to access his/her resources. For more details on how to do three-legged OAuth, please proceed to this section.