Using the AOL Open Auth API with its basic functionality is extremely simple. If you are using Open Auth API to get an Authentication Token that allows access to certain AOL Open APIs that require OpenAuth Authentication Tokens, you do not need to take any other steps than registering for them. The 'devId' created for any AOL Open APIs can be used to access Open Auth APIs.
If you are using Open Auth API to allow AOL/AIM users to login to your Web Site/Application, the following steps will get you on your way:
- Visit AOL Developer Site and register for a 'devId'
- Once you have your 'devId', you can formulate a login Url with required parameters (see API Reference) and add it to your Web Site/Application.
NOTE: It is very important that you register your 'devId' with your Site/Application's correct Url in order to be able to use AOL Open Services APIs. OpenAuth Tokens would be restricted to be used only from the same Site/Application for which they are issued to.
How do I ....
Add AOL Open Auth Login to my Web Site/Application
Using the AOL Open Auth API to allow AOL/AIM users to login to your Web Site/Application is very simple and easy. The following steps will walk you through the simple process:
- Follow the steps outlined in the above section to get a 'devId'
- Create the loginUrl by appending required parameters to the "login" method
- http://api.screenname.aol.com/auth/login?
- Sample request parameters for a simple Session based login (valid for 24 hrs):
- devId=<devId registered for your site/app>&f=xml&succUrl=http%3A//your.site.domain/page/succLogin.php%3Fparam1%3D1%26param2%3D2
- Note: 'succUrl' must be set to the page/handler on your site/application that can validate the Authentication Token to retrieve user's information.
- Insert a Login link in your Web Site/Application using the login Url created above.
- Add code to your success Login handler to do the following steps:
- extract Authentication Token from the response data
- create Authentication Token validation Url by using 'getInfo' method
- http://api.screenname.aol.com/auth/getInfo?
- Sample request parameters for a simple getInfo request:
- devId=<devId registered for your site/app>&f=xml&a=<token 'a' value received in the response data>&referer=http%3A//your.site.domain/page/startpage.php
- Note: The 'referer' param value should match atleast until the last '/' (forward slash) in the url of the page where the 'login' link was embedded. If there is only one '/' in the url (not counting the protocol part - 'http(s)://'), then complete path excluding the query parameters is used for comparison. Ex.
- http://your.site.domain/page/startpage would match with http://your.site.domain/page/succLogin
- http://your.site.domain/page1/startpage would not match with http://your.site.domain/page2/succLogin
- http://your.site.domain/startpage.html would match with http://your.site.domain/startPage.html
- http://your.site.domain/startpage.html would not match with http://your.site.domain/succLogin.php
- extract user's loginId & displayName from the 'getInfo' response
- create your own Web Site/Application session to maintain the user login information
- Update your Web Site/Application's logic to check for the AOL user login information in your session and display login/logout links accordingly.
Refer Sample Code
Use other Identity based AOL Open Services
Although not all AOL Services have their Open APIs published yet, there are quite a few that are already available via AOL Developer Site. In most cases, each AOL Service that requires the Authentication Token to consume its API would incorporate the details on how to utilize OpenAuth API to acquire an authentication token that can be used with their Service. In some cases, the AOL Open Service APIs provide code libraries that are already bundled with the necessary functionality to invoke OpenAuth APIs.
Sample of such is the new Web AIM API that provides Javascript libraries that are already integrated with OpenAuth.