The majority of Ubuntu One services make use of OAuth
authentication. So rather than sending a user name and password with
each individual API request, the client goes through an authorisation
process to acquire a token that can be used in their place.
This has a number of benefits:
The client does not need to store the user’s password.
The user’s password is only sent over the network during the
initial login process.
The user can de-authorise a client by deleting its token on the
Ubuntu One website without affecting any other clients.
While OAuth provides a common way to authenticate to the various
Ubuntu One APIs, the recommended method of acquiring an authentication
token differs depending on the platform the client is running on.
Once an access token has been acquired, it can be used to access other
Ubuntu One APIs. The vast majority of these APIs support standard
OAuth 1.0 signatures using either the PLAINTEXT or HMAC-SHA1
algorithms. For example: