External Authorization

This document only covers external web or desktop apps. For all other applications (iframe or markup), this step is not necessary.

Before an application can make use of the Bebo platform, it must be authorized by a Bebo user. Authorization is a simple process that happens in the user's browser and allows an application to act on behalf of that user.

Step 1: Call auth.createToken

The first step in the authorization process is to call the API method auth.createToken. This method returns an opaque token which is used to obtain a session key. A session key is then used to make API calls on behalf of a Bebo user.

Step 2: Direct your users to login.php

After you have obtained an auth token, you must open a browser and direct it to http://bebo.com/login.php. You must also provide two parameters, api_key and auth_token. The api_key parameter is the API key of the calling application, and auth_token is the text of the token generated in step 1. The full set of parameters that login.php accepts is:

  • api_key
    The API key that identifies your application. It can be found in the developer app. Required.
  • auth_token
    The opaque token created when you called auth.createToken in step 1. Required.
  • popup
    If set, the page will be rendered without headers and footers, facilitating inclusion in a popup window.
  • skipcookie
    If set to true, the user will be forced to log in whether or not they are presently logged in to Bebo.
  • next
    A URL to visit after the login has completed.
  • hide_checkbox
    Hides the checkbox that allows the user to request an infinite session.

Step 3: Call auth.getSession

After the user has authorized the token you provided, your application should call auth.getSession. If all goes well, the return value of this call gives you the session key text and tells you how long it will last. Your application is now authorized for this user, and you can use this key when making API calls on behalf of this user.
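
The three steps above as one flow, as an added example that is not part of the original Bebo documentation. The callables call_api, open_browser and wait_for_user are hypothetical and supplied by the caller; the flag value "1" and the auth_token argument passed to auth.getSession are assumptions.

```python
from urllib.parse import urlencode, urlsplit

LOGIN_URL = "http://bebo.com/login.php"  # login page address as given in step 2


def build_login_url(api_key, auth_token, *, popup=False, skipcookie=False,
                    next_url=None, hide_checkbox=False):
    """Build the step 2 URL from the parameters the page lists."""
    if not api_key or not auth_token:
        raise ValueError("api_key and auth_token are required")
    params = [("api_key", api_key), ("auth_token", auth_token)]
    if popup:
        params.append(("popup", "1"))  # assumption: any value counts as "set"
    if skipcookie:
        params.append(("skipcookie", "true"))
    if next_url is not None:
        if urlsplit(next_url).scheme not in ("http", "https"):
            raise ValueError("next must be an absolute http(s) URL")
        params.append(("next", next_url))
    if hide_checkbox:
        params.append(("hide_checkbox", "1"))  # assumption: any value counts
    # urlencode percent-encodes each value, so a '&' or '=' inside next_url
    # cannot turn into an extra login.php parameter.
    return LOGIN_URL + "?" + urlencode(params)


def authorize(call_api, open_browser, wait_for_user, api_key, **login_options):
    """Run steps 1 to 3 and return whatever auth.getSession returned.

    call_api(method, params), open_browser(url) and wait_for_user() are
    hypothetical callables supplied by the caller; the page does not
    describe the API transport.
    """
    token = call_api("auth.createToken", {})  # step 1
    open_browser(build_login_url(api_key, token, **login_options))  # step 2
    wait_for_user()  # block until the user has finished in the browser
    # Assumption: the token is passed back under the name auth_token.
    return call_api("auth.getSession", {"auth_token": token})  # step 3
```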

Session Expiry

If the user unchecked the infinite token box when they authorized your application, then the session key you are granted will expire in two weeks. If the box was checked, the session key will be infinite. When you are granted a session key, the response contains a value that indicates when the key will expire.