OAuth 1.0
Authenticate requests using OAuth 1.0 signed requests
OAuth 1.0 authentication signs requests cryptographically using consumer credentials and access tokens. While largely replaced by OAuth 2.0, some APIs (like Twitter’s v1.1 API) still require OAuth 1.0.
How It Works
OAuth 1.0 creates a signature from request parameters, consumer credentials, and tokens. The signature is sent in the Authorization header:
Authorization: OAuth oauth_consumer_key="...", oauth_signature="...", ...
Each request includes a unique nonce and timestamp to prevent replay attacks.
Configuration
Select OAuth 1.0 from the Auth dropdown. Configure these fields:
| Field | Description |
|---|---|
| Signature Method | Algorithm for signing (HMAC-SHA1, HMAC-SHA256, RSA-SHA1, etc.) |
| Consumer Key | Your application’s consumer key |
| Consumer Secret | Your application’s consumer secret |
| Access Token | User’s access token |
| Token Secret | Secret associated with the access token (for HMAC methods) |
| Private Key | RSA private key in PEM format (for RSA methods) |
Signature Methods
Yaak supports multiple signature algorithms:
HMAC-based (symmetric):
- HMAC-SHA1 (most common)
- HMAC-SHA256
- HMAC-SHA512
RSA-based (asymmetric):
- RSA-SHA1
- RSA-SHA256
- RSA-SHA512
Other:
- PLAINTEXT (not recommended for production: the signature is just the consumer and token secrets, so it relies entirely on TLS)
For HMAC methods, provide the Consumer Secret and Token Secret. For RSA methods, provide your private key in PEM format instead.
Advanced Options
Expand Advanced for additional settings:
| Field | Description |
|---|---|
| Callback URL | OAuth callback URL for authorization flows |
| Verifier | Verification code from authorization |
| Timestamp | Custom timestamp (auto-generated if empty) |
| Nonce | Custom nonce (auto-generated if empty) |
| OAuth Version | Protocol version (default: 1.0) |
| Realm | Authentication realm |
Usage
- Select OAuth 1.0 from the Auth dropdown
- Choose your signature method
- Enter your consumer credentials
- Add access token and token secret (or private key for RSA)
- Send your request—Yaak signs it automatically
Template Variables
Use environment variables for credentials:
Consumer Key: ${[env.OAUTH1_CONSUMER_KEY]}
Consumer Secret: ${[env.OAUTH1_CONSUMER_SECRET]}
Troubleshooting
Invalid Signature
- Verify all credentials are correct
- Check that the signature method matches what the API expects
- Ensure your system clock is accurate
Timestamp Rejected
- OAuth 1.0 requires timestamps within a few minutes of server time
- Check your system clock synchronization
Nonce Already Used
- Each request needs a unique nonce
- Let Yaak auto-generate nonces (leave the field empty)
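To see where the three errors above come from, here is an added example (not Yaak's code) that builds the HMAC-SHA1 signature described under How It Works, following RFC 5849, and runs the checks a server typically applies. The function and class names, the 300-second clock window, and all credentials are assumptions made for illustration; the base URL is passed without its query string.

```python
import base64, hashlib, hmac
from urllib.parse import quote

def pct(s):
    """Percent-encode per RFC 5849 section 3.6 (only unreserved chars stay literal)."""
    return quote(s, safe="-._~")

def base_string(method, base_url, params):
    """Signature base string: METHOD & encoded URL & encoded, sorted parameters."""
    pairs = sorted((pct(k), pct(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), pct(base_url), pct(normalized)])

def sign(method, base_url, params, consumer_secret, token_secret):
    """HMAC-SHA1 keyed with 'consumer_secret&token_secret', base64-encoded."""
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    msg = base_string(method, base_url, params).encode()
    return base64.b64encode(hmac.new(key, msg, hashlib.sha1).digest()).decode()

class Verifier:
    """Simplified server-side checks (hypothetical; the window is an assumption)."""
    def __init__(self, consumer_secret, token_secret, max_skew=300):
        self.secrets = (consumer_secret, token_secret)
        self.max_skew = max_skew
        self.seen = set()  # (timestamp, nonce) pairs already accepted

    def check(self, method, base_url, params, signature, now):
        if abs(now - int(params["oauth_timestamp"])) > self.max_skew:
            return "timestamp rejected"
        expected = sign(method, base_url, params, *self.secrets)
        if not hmac.compare_digest(expected, signature):
            return "invalid signature"
        key = (params["oauth_timestamp"], params["oauth_nonce"])
        if key in self.seen:
            return "nonce already used"  # a replayed request lands here
        self.seen.add(key)
        return "ok"

# Constructed sample values, not real credentials.
PARAMS = {
    "oauth_consumer_key": "ck-example", "oauth_token": "tok-example",
    "oauth_signature_method": "HMAC-SHA1", "oauth_timestamp": "1700000000",
    "oauth_nonce": "n-0001", "oauth_version": "1.0", "q": "a b&c",
}
URL = "https://api.example.com/1/search"
SIG = sign("get", URL, PARAMS, "cs-example", "ts-example")
```

Because every parameter, the method and the URL feed the base string, a mismatch in any of them (including a different encoding of `q`) produces an invalid signature, not a more specific error.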