What kind of OAuth 1 authentication should I use for my integration?

Before you start making API calls AWeber’s API requires you to obtain access tokens that are used to prove you have both authorization and authentication to access a user’s AWeber account. There are two versions of this process available. The process is slightly different for each type, but the end result is the same. It can be confusing to figure out which type is better for your integration, but don’t worry!

This article will teach you about the differences and help you determine the best way to obtain access tokens for your integration.

Once you’ve decided, head on over to the archived version of our legacy OAuth 1 endpoints to read about the process of getting access tokens.

OAuth 1 Integrations

This method of authentication is the best choice in most cases. It follows the OAuth 1.0a standard as it’s written. This method uses the same consumer key and secret (listed in your Labs account) for each new user of your integration. If you control the source code of your integration and the consumer key and secret will be not be included with the source code then this is the way to go!

Note that it’s okay if your source code is hosted in GitHub or another public repository as long as your consumer key and secret are not included. Make sure to keep those in your secure database, in your config file, or something else that is for your eyes only. 

Consumer Key and Secret highlighted

Use the Consumer Key and Consumer Secret for OAuth 1. 

Distributed OAuth 1 Integrations

Distributed Authentication is the method of choice if your source code will be publicly available, including all config. This happens when you create a WordPress plugin, a Drupal plugin, or a few other types of publicly distributed apps. Instead of using the consumer key and secret listed in your Labs account, this uses the App ID instead to generate a fresh consumer key and secret for each new user. Thus this method deviates from the OAuth 1.0a standard a little, but the process is very similar. The App ID is not considered a secret like the consumer key and secret are, so if it’s included with your source code it’s okay.

App ID highlighted

Use the App ID for distributed auth.  

Multiple Users

Note that you can have multiple users of your integration with either type of authentication. You just need to generate a new request token (OAuth 1.0a standard) or a new authorization code (distributed authentication) for each user. You should never ask your users to create a Labs account to obtain their own consumer key and secret.

Now you’re ready to obtain your access tokens using your chosen method. Still not sure, or having trouble deciding? No worries! Reach out to our team at api@aweber.com and we’ll gladly walk you through it.

Have more questions? Submit a request