The IS24 API needs authentication for every request and therefore relies on OAuth 1.0a.
- gives an overview of the OAuth-Terminology,
- depicts the authentication process at the IS24 API
- shows how to get started with OAuth in the IS24 context
It is assumed that you are familiar with the principles behind OAuth. For more background information about OAuth, see the Beginner's Guide to OAuth.
At http://oauth.net/code a list of oAuth libraries
We have a tutorial for accessing data of an immobilienscout24 user. A detailed description of the single request steps, the required oauth-, query- and response-parameters can be found API-Authentication-Details.
The OAuth Specification distinguishes between two authentication objects:
an application which acts on behalf of the user and
uses the 3rd party application (Consumer).
Consumer → System
In the IS24 terminology the OAuth Consumer is called System.
For authentication purposes a System uses
- System key and
- System secret.
The key acts as unique identifier of the System and the secret as a kind of password for this System.
A user within the IS24 API is the IS24-user who uses the 3rd party application (System).
The IS24 API expects for each API call authentication but distinguishes between two levels:
- Two-legged OAuth:
requires only a System-key to sign the request. The user doesn't need to give any permission to access his/her resources.
- Three-legged OAuth:
requires both a System-key and a so-called access_token which represents the explicit permission of the IS24-user to access his/her resources.