OAuth 1.0a Zero-Legged Authentication

OAuth 1.0a Authentication is a signature that is computed using a ConsumerKey and Secret and the details of the request.

If your target API server is using OAuth 1.0a then you likely already have a ConsumerKey and Secret value.

To use OAuth 1.0a Authentication, you will have to supply the ConsumerKey and Secret value at the time of configuration.

At runtime, the gateway applies the ConsumerKey and Secret to the various parts of the request as called on the OAuth 1.0a algorithm to generate a signature string that looks like this:

OAuth oauth_consumer_key="YourConsumerKey",oauth_signature_method="HMAC-SHA1",oauth_timestamp="1444671481",oauth_nonce="19z7xA",oauth_version="1.0",oauth_signature="NHuhgYNoWFAigBwQidd00Fypjo4%3D”

The gateway adds or replaces this signature as the valid authorization header that is passed on to your target API server. Your target API, knowing the ConsumerKey and secret and having access to the same request variables, timestamp, and nonce, should be able to generate the same value as passed in the oauth_signature. If the signatures match, you know the call is valid and can proceed. If they do not match, something is wrong and your server can reject the request as unauthorized.