Application Authentication

The Digg API supports OAuth 1.0 for authenticating users. Depending on which language you are using, there may be a suitable OAuth client library you can use. See a list here.

You may create an application in the My Apps section of this documentation. Upon creation of a new application you will be given a consumer key and secret, which can be used to make authenticated requests to the API.

Digg supports the HTTP_OAuth PEAR package for OAuth consumer interaction. Services_Digg2 accepts an instance of HTTP_OAuth_Consumer to make authenticated OAuth calls.

Here is a diagram and flow chart that briefly describe each step in the OAuth process. Each step has a more in-depth description below.

1) Obtaining a request token

The first step in the OAuth process is obtaining a request token and request token secret. Digg's request token endpoint is oauth-request-token. If you are creating a web application you will likely specify a callback URL in the request; otherwise out-of-band (oob) authentication is used. See the OAuth 1.0 RFC for more info. You will need to temporarily store both the request token and request token secret, as you will need them in a later step. See the method detail page for an example.

2) Directing the user to authorize your application

Once your application has obtained a request token and request token secret, you may direct the user to Digg's authorize url. This will ask the user to authorize your application. Digg has two authorize urls:

  • http://digg.com/oauth/authorize?oauth_token=TOKEN - Always prompt a user to authorize
  • http://digg.com/oauth/authenticate?oauth_token=TOKEN - Redirect user to callback if they have already authorized your application

Once the user has confirmed the request, the result is either a redirect to the callback URL with an oauth_verifier argument, or a web page that displays the verifier as a PIN for the user to copy and pass to the application.

3) Obtaining an access token

When a user returns to your application with a verifier you should then exchange the request token for an access token and access token secret. Digg's access token endpoint is oauth-access-token. Digg has implemented OAuth 1.0a which requires an extra parameter during this request, the verifier code. It is either added onto your specified callback url as a query parameter or shown to the user after authorization if no callback was specified ('oob'). Once you have an access token and access token secret you are ready to make authenticated calls to Digg!
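The signing behind steps 1 and 3, as an added example that is not part of the Digg documentation or of HTTP_OAuth. It follows the HMAC-SHA1 construction in RFC 5849; the endpoint URLs, the POST method, the consumer credentials and the helper names are constructed placeholders, not Digg's real values.

```python
import base64, hashlib, hmac, secrets, time
from urllib.parse import quote

# Constructed placeholders (assumptions): not Digg's real endpoints or credentials.
CONSUMER_KEY, CONSUMER_SECRET = "example-consumer-key", "example-consumer-secret"
REQUEST_URL = "https://api.example.invalid/oauth/request_token"
ACCESS_URL = "https://api.example.invalid/oauth/access_token"

def pct(s):
    # RFC 5849 section 3.6: only unreserved characters stay unencoded.
    return quote(str(s), safe="-._~")

def base_string(method, url, params):
    # Section 3.4.1: encode each pair, sort, join, then encode the joined string again.
    pairs = sorted((pct(k), pct(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), pct(url), pct(normalized)])

def sign(method, url, params, consumer_secret, token_secret=""):
    # Section 3.4.2: the key is consumer secret, "&", token secret (empty in step 1).
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    mac = hmac.new(key, base_string(method, url, params).encode(), hashlib.sha1)
    return base64.b64encode(mac.digest()).decode()

def oauth_params(consumer_key, nonce=None, timestamp=None, **extra):
    p = {
        "oauth_consumer_key": consumer_key,
        "oauth_signature_method": "HMAC-SHA1",
        "oauth_timestamp": str(timestamp or int(time.time())),
        "oauth_nonce": nonce or secrets.token_hex(16),  # unpredictable, single use
        "oauth_version": "1.0",
    }
    p.update(extra)
    return p

def step1_request_token(callback="oob", **fixed):
    # Step 1: no token yet, so only the consumer secret keys the signature.
    p = oauth_params(CONSUMER_KEY, oauth_callback=callback, **fixed)
    p["oauth_signature"] = sign("POST", REQUEST_URL, p, CONSUMER_SECRET)
    return p

def step3_access_token(request_token, request_token_secret, verifier, **fixed):
    # Step 3 (OAuth 1.0a): the verifier is a signed parameter, and the stored
    # request token secret becomes the second half of the signing key.
    p = oauth_params(CONSUMER_KEY, oauth_token=request_token, oauth_verifier=verifier, **fixed)
    p["oauth_signature"] = sign("POST", ACCESS_URL, p, CONSUMER_SECRET, request_token_secret)
    return p
```

The returned parameters are what a client would place in the OAuth Authorization header. Changing the verifier or the request token secret yields a different signature, which is why both must be kept between steps 1 and 3.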

For further information see RFC 5849 - The OAuth 1.0 Protocol.