I am having trouble fully understanding the role of oAuth and if we are completing the process of getting user keys correctly. The SDK gets a request token in the form of a key and secret key pair. This request token is then used to get a “verifier” from the user once they manually accept. This verifier is then used to get an access token in the form of a key and secret key pair. When I send a document, the headers contain the key and verifier and it looks like the secret key is never used. Its value is passed to the underlying GetSignatureBase method but is ignored in that method and when I look through the example application the “TokenSecret” variable is never used when making any web requests. I have a few questions:
What is the point of the token secret if it is never used?
In order to send documents on behalf of the user going forward, do I need to only save the verifier and get an access token each time or can I save the access token for all future transactions?
What is the point of the Secure Token authentication method which uses the API key? It appears that when I use this method of sending documents they are sent under the owner account where they API key is listed. I can use oAuth to get a key for a user and send under their account but I do not understand the point of the Secure Token method.
Be the first to post a reply!