Website logo

OAuth URL Support Ends

We’ve made some changes to how we accept OAuth parameters in requests to the API. From Monday 7th May 2018 we stopped accepting OAuth parameters sent in the URL.

What you need to do

If you’re not doing so already, you’ll need to send all OAuth parameters in the header of the API request. OAuth parameters are any of the following:

"oauth_version", "oauth_consumer_key", "oauth_token", "oauth_verifier", "oauth_callback", "oauth_timestamp","oauth_nonce", "oauth_signature_method", "oauth_signature"

This will affect all authenticated requests to API endpoints and requests to secure.trademe to gain request and access tokens.

The following are examples of what are not accepted:,MyTradeMeWrite


The following are examples of how your requests should look.

Example to generate a request token



Authorization: OAuth oauth_callback=XXXX, oauth_consumer_key=XXXX, oauth_version=X, oauth_timestamp=XXXX, oauth_nonce=XXXX, oauth_signature_method=XXXX, oauth_signature=XXXX

Example request with token



Authorization: OAuth oauth_consumer_key=XXXX, oauth_token=XXXX, oauth_version=X, oauth_timestamp=XXXX, oauth_nonce=XXX, oauth_signature_method=XXXX, oauth_signature=XXXX