In order to use the Marq API, a client must have permission from the user to access their data. This permission is granted with an OAUTH access token following the OAuth 1.0 specification.
Details of the OAUTH authorization process and libraries for most languages can be found at http://oauth.net/. To obtain the access token, the following steps need to be taken:
- Request an OAUTH consumer key and secret from this page.
- Obtain a request token. Using the consumer key and secret a request token can be obtained following the OAUTH protocol (see Obtaining an Unauthorized Request Token). The callback should be provided as part of making the call for a request token (Marq does not currently support the oob flow). The Marq endpoint for obtaining a request token is: https://app.Marq.com/oauth/requestToken
- Obtain authorization. Authorization is obtained by redirecting the user to the Marq authorization page with the appropriate OAUTH query parameters (see Obtaining User Authorization). The Marq authorization page is: https://app.Marq.com/oauth/authorize
- Obtain the access token. If the user authorizes the third party, they will be redirected back to the third-party callback URL (that was provided when when the request token was requested) with a verifier as described in the oauth specification. Using the verifier and request token, the third party can request an access token (see Obtaining an Access Token). The Marq endpoint for obtaining an access token is: https://app.Marq.com/oauth/accessToken
With the access token, a third party can sign requests to the Marq API and get access to users data (see Signing Requests). Note that the Access Token can be revoked by the user at any time the user decides they no longer want the third party to have access to their Marq data.