OAuth URL Support Ends
We’ve made some changes to how we accept OAuth parameters in requests to the API. From Monday 7th May 2018 we stopped accepting OAuth parameters sent in the URL.
What you need to do
If you’re not doing so already, you’ll need to send all OAuth parameters in the header of the API request. OAuth parameters are any of the following:
"oauth_version", "oauth_consumer_key", "oauth_token", "oauth_verifier", "oauth_callback", "oauth_timestamp","oauth_nonce", "oauth_signature_method", "oauth_signature"
This will affect all authenticated requests to API endpoints and requests to secure.trademe to gain request and access tokens.
The following are examples of what are not accepted:
https://secure.trademe.co.nz/Oauth/RequestToken?oauth_consumer_key=XXX&oauth_signature_method=XXXX&oauth_timestamp=XXXX&oauth_nonce=XXXX&oauth_version=X&oauth_signature=XXXX&oauth_callback=XXXXXX&scope=MyTradeMeRead,MyTradeMeWrite
Or:
https://api.trademe.co.nz/v1/Listings/123456.json?oauth_consumer_key=XXXX&oauth_token=XXXX&oauth_signature_method=XXXX&oauth_timestamp=XXXX&oauth_nonce=XXXX&oauth_version=X&oauth_signature=XXXX%26XXXX
The following are examples of how your requests should look.
Example to generate a request token
Url
https://secure.trademe.co.nz/Oauth/RequestToken?scope=MyTradeMeRead,MyTradeMeWrite
Header
Authorization: OAuth oauth_callback=XXXX, oauth_consumer_key=XXXX, oauth_version=X, oauth_timestamp=XXXX, oauth_nonce=XXXX, oauth_signature_method=XXXX, oauth_signature=XXXX
Example request with token
Url
https://api.trademe.co.nz/v1/Listings/123456.json
Header
Authorization: OAuth oauth_consumer_key=XXXX, oauth_token=XXXX, oauth_version=X, oauth_timestamp=XXXX, oauth_nonce=XXX, oauth_signature_method=XXXX, oauth_signature=XXXX