Authorisation and Authentication

The majority of Ubuntu One services make use of OAuth authentication. So rather than sending a user name and password with each individual API request, the client goes through an authorisation process to acquire a token that can be used in their place.

This has a number of benefits:

  • The client does not need to store the user’s password.
  • The user’s password is only sent over the network during the initial login process.
  • The user can de-authorise a client by deleting its token on the Ubuntu One website without affecting any other clients.

While OAuth provides a common way to authenticate to the various Ubuntu One APIs, the recommended method of acquiring an authentication token differs depending on the platform the client is running on.

Accessing Ubuntu One APIs

Once an access token has been acquired, it can be used to access other Ubuntu One APIs. The vast majority of these APIs support standard OAuth 1.0 signatures using either the PLAINTEXT or HMAC-SHA1 algorithms. For example:

GET https://one.ubuntu.com/api/account/ HTTP/1.1
Authorization: OAuth realm="", oauth_version="1.0",
  oauth_nonce="$nonce", oauth_timestamp="$timestamp",
  oauth_consumer_key="$consumer_key", oauth_token="$token",
  oauth_signature_method="PLAINTEXT",
  oauth_signature="$consumer_secret%26$token_secret"

If there is a library available for the language or framework you are using, consider using it to generate the signatures, to avoid formatting them incorrectly.
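For reference, this is what such a library computes for the two signature methods named above, written as an added example following RFC 5849 (it is not code from Ubuntu One or from this page). The helper names `pct`, `signature` and `authorization_header` are hypothetical, the credentials are constructed sample values, and the request URL is assumed to carry no query string (query parameters would have to be added to the signed parameter set).

```python
import base64
import hashlib
import hmac
import secrets
import time
from urllib.parse import quote


def pct(value):
    # RFC 5849 section 3.6: only unreserved characters stay unencoded.
    return quote(str(value), safe="-._~")


def signature(method, url, params, consumer_secret, token_secret):
    key = f"{pct(consumer_secret)}&{pct(token_secret)}"
    if params["oauth_signature_method"] == "PLAINTEXT":
        return key  # the secrets themselves travel in the header
    # HMAC-SHA1: sign METHOD & URL & sorted, encoded parameters.
    normalized = "&".join(
        f"{k}={v}" for k, v in sorted((pct(k), pct(v)) for k, v in params.items())
    )
    base = "&".join([method.upper(), pct(url), pct(normalized)])
    digest = hmac.new(key.encode(), base.encode(), hashlib.sha1).digest()
    return base64.b64encode(digest).decode()


def authorization_header(method, url, consumer_key, consumer_secret, token,
                         token_secret, sig_method="HMAC-SHA1",
                         nonce=None, timestamp=None):
    params = {
        "oauth_version": "1.0",
        "oauth_nonce": nonce or secrets.token_hex(16),  # fresh per request
        "oauth_timestamp": str(timestamp or int(time.time())),
        "oauth_consumer_key": consumer_key,
        "oauth_token": token,
        "oauth_signature_method": sig_method,
    }
    params["oauth_signature"] = signature(method, url, params,
                                          consumer_secret, token_secret)
    fields = ", ".join(f'{k}="{pct(v)}"' for k, v in params.items())
    return f'OAuth realm="", {fields}'


if __name__ == "__main__":
    # Constructed sample credentials, not real Ubuntu One values.
    print(authorization_header("GET", "https://one.ubuntu.com/api/account/",
                               "ck", "cs", "tk", "ts"))
```

With PLAINTEXT the consumer secret and token secret appear in every request header, so their confidentiality depends entirely on HTTPS. With HMAC-SHA1 only a signature derived from them is sent, and it is bound to the method, URL, nonce and timestamp of that one request.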

While OAuth is sufficient for most Ubuntu One APIs, there are a few exceptions. To access these APIs, you will need to use the mobile login credentials: