Skip to main content


         This documentation site is for previous versions. Visit our new documentation site for current releases.      
 

This content has been archived and is no longer being updated.

Links may not function; however, this content may be relevant to outdated versions of the product.

OAuth 1.0 clients

Updated on July 1, 2021

The OAuth standard framework enables secure, delegated access to services over HTTPS. OAuth provides tokens (sometimes called "valet keys") that provide access to your data that is hosted by a specific service provider. Each token grants access to a specific site for specific resources, for a defined period of time. A later version of this protocol, OAuth 2.0, uses a different data instance type.

Your applications can act as an OAuth 1.0 consumer and client. As a result, your application can access private resources stored in external websites like LinkedIn, which support the OAuth 1.0 protocol.

Create an OAuth Client data instance to allow your application to securely access Web Service APIs such as those provided by LinkedIn.com, Twitter.com, and Flickr.com, without storing or disclosing individual users' names and passwords. For example, you can query your LinkedIn account for information about your connections to help you build relationships with customers with whom you connect through your application.

Activities that submit information to the application that you want to connect to and receive tokens back from use data stored in the OAuth Client data instance.

Each external application handles OAuth in its own way. Consult the API guide for the application that you want to work with. At a high level, the process involves these steps:

  1. Get a request token. This is a temporary token that the application that you want to connect to uses to authenticate you. When you obtain a request token, you also get a token secret.
  2. Obtain user authorization from the application that you want to connect to, specifying the permissions (read, write, delete) that you want to use.
  3. Exchange the request token for an access token, which your application stores in a map value rule for reuse.
  4. After you get the access token, use it to make authenticated requests to the application you want to connect to, through its provided API.

Have a question? Get answers now.

Visit the Support Center to ask questions, engage in discussions, share ideas, and help others.

Did you find this content helpful?

Want to help us improve this content?

We'd prefer it if you saw us at our best.

Pega.com is not optimized for Internet Explorer. For the optimal experience, please use:

Close Deprecation Notice
Contact us