On client, you can use two authentication levels:
- API key
- OAuth
With the API key, the simplest one, you just need to set the client with you Consumer Key, provided by Tumblr API, like this
$client = new Tumblr\API\Client($consumerKey);
for use methods which are accessible from the API key. E.g.
$client->getBlogInfo($blogName);
The OAuth level is a little more complex, because it gives more access to user account. You need tokens which are provided only by user authorization. To obtain these tokens, first you need:
- Guarantee that your application credentials are valid
- Tell which page should the user return to
- Redirect user to the Tubmlr authorization page
For this, let's consider you are coding the page https://example.com/auth/tumblr
. You should configure your client with your application credentials, provided by OAuth
$client = new Tumblr\API\Client($consumerKey, $consumerSecret);
Point the request handler to Tumblr
$requestHandler = $client->getRequestHandler();
$requestHandler->setBaseUrl('https://www.tumblr.com/');
And send the request to Tumblr with your callback URL. Let's consider it would be https://example.com/auth/tumblr/callback
.
$response = $requestHandler->request('POST', 'oauth/request_token', [
'oauth_callback' => 'https://example.com/auth/tumblr/callback'
]);
If your credentials are valid, you will receive temporary tokens to continue. You can extract them this way
parse_str((string) $response->body, $tokens);
$tokens
will contain
['oauth_token' => '...', 'oauth_token_secret' => '...']
Save these tokens somehow (e.g. using $_SESSION
), because we will need them in the next session. After this, the user should be redirected to the URL https://www.tumblr.com/oauth/authorize?oauth_token={$tokens['oauth_token']}
.
Now, the user will decide if authorizes your application and then will be redirected to your callback page with 'get' param oauth_verifier
. Now let's consider you're coding the page https://example.com/auth/tumblr/callback
. One more time you should set the client with your application credentials and termporary tokens stored in the last session.
$client = new Tumblr\API\Client($consumerKey, $consumerSecret, $oauthToken, $oauthTokenSecret);
Again let's point the request handler to Tumblr
$requestHandler = $client->getRequestHandler();
$requestHandler->setBaseUrl('https://www.tumblr.com/');
And send the request to Tumblr with param oauth_verifier
, at this time receiving the definitive tokens
$response = $requestHandler->request('POST', 'oauth/access_token', [
'oauth_verifier' => $oauthVerifier
]);
You can also use the variable $_GET
to recover $oauthVerifier
.
If everything runs correctly, you will receive the definitive tokens, which can be extracted this way
parse_str((string) $response->body, $tokens);
Remember: you can verify the response status with $response->status
. If everything runs correctly, the status will be 200
. Otherwise, will be 401
. You can see all status here.
Finally, you can use any method provided by client.
$client = new Tumblr\API\Client($consumerKey, $consumerSecret, $oauthToken, $oauthTokenSecret);
$client->getUserInfo();