Skip to content

Two Legged OAuth

Some API endpoints at ImmoScout24 serve data that is independent of a user identity. To access these endpoints you can use two-legged OAuth.

This kind of authentication involves only two parties:

  • Your application (Consumer)
  • ImmoScout24 API (Service Provider)

Note

Most of our API endpoints serve data for a specific user and are protected by three-legged OAuth. It is unlikely that you need to use two-legged OAuth, except for specific endpoints. If you need to use two-legged authentication, the documentation will tell you so.

Main Steps of 2-legged OAuth 1.0 flow

After obtaining the consumer key and secret, you can simply sign your HTTP requests to the API according to the signing process defined in the OAuth 1.0a protocol.

To sign the request you only need your consumer secret and there is no token involved. We recommend that you use on of the libraries in the OAuth 1.0 collection. Please also see the code example below.

Code Example

To highlight how the two-legged authentication works, we have provided a complete code example that makes a request against the region search API.

If you want to run the code, follow the steps in our github repository.

In the code example we are using the Signpost Java library to sign our requests.

The Java Code:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
package de.is24.oauth1flow;

import oauth.signpost.OAuthConsumer;
import oauth.signpost.basic.DefaultOAuthConsumer;
import oauth.signpost.exception.OAuthCommunicationException;
import oauth.signpost.exception.OAuthExpectationFailedException;
import oauth.signpost.exception.OAuthMessageSignerException;

import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.net.HttpURLConnection;
import java.net.URL;

public class TwoLeggedOAuth1FlowApplication {
    private static final String CONSUMER_KEY = "yourConsumerKey";
    private static final String CONSUMER_SECRET = "yourConsumerSecret";
    private static final String PROTECTED_RESOURCE_ENDPOINT = "https://rest.sandbox-immobilienscout24.de/restapi/api/gis/v1.0/country/276/region";


    public static void main(String[] args) throws IOException, OAuthCommunicationException, OAuthExpectationFailedException, OAuthMessageSignerException {
        // create a consumer object and configure it with the access
        // token and token secret obtained from the service provider
        OAuthConsumer consumer = new DefaultOAuthConsumer(CONSUMER_KEY, CONSUMER_SECRET);

        // create an HTTP request to a protected resource endpoint
        URL url = new URL(PROTECTED_RESOURCE_ENDPOINT);
        HttpURLConnection request = (HttpURLConnection) url.openConnection();

        // sign the request
        consumer.sign(request);

        // send the request
        request.connect();
        printResponse(request);
    }

    private static void printResponse(HttpURLConnection request) throws IOException {
        System.out.println(request.getResponseCode());
        InputStream in;
        try {
            in = request.getInputStream();
        } catch (IOException e) {
            in = request.getErrorStream();
        }

        BufferedReader inputReader = new BufferedReader(new InputStreamReader(in));
        String inputLine;
        while ((inputLine = inputReader.readLine()) != null) {
            System.out.println(inputLine);
        }
        inputReader.close();
    }
}