Sample code for 30+ languages & platforms
Delphi DLL

Etsy OAuth1 Authorization

See more Etsy Examples

Demonstrates 3-legged OAuth1 authorization for Etsy.

Chilkat Delphi DLL Downloads

Delphi DLL
uses
    Winapi.Windows, Winapi.Messages, System.SysUtils, System.Variants, System.Classes, Vcl.Graphics,
    Vcl.Controls, Vcl.Forms, Vcl.Dialogs, Vcl.StdCtrls, Http, FileAccess, Hashtable, Socket, HttpResponse, OAuth2, StringBuilder, JsonObject, HttpRequest, Task;

...

procedure TForm1.Button1Click(Sender: TObject);
var
success: Boolean;
consumerKey: PWideChar;
consumerSecret: PWideChar;
requestTokenUrl: PWideChar;
authorizeUrl: PWideChar;
accessTokenUrl: PWideChar;
callbackUrl: PWideChar;
callbackLocalPort: Integer;
http: HCkHttp;
req: HCkHttpRequest;
resp: HCkHttpResponse;
hashTab: HCkHashtable;
requestToken: PWideChar;
requestTokenSecret: PWideChar;
sbUrlForBrowser: HCkStringBuilder;
url: PWideChar;
listenSock: HCkSocket;
backLog: Integer;
sock: HCkSocket;
maxWaitMs: Integer;
task: HCkTask;
oauth2: HCkOAuth2;
startLine: PWideChar;
requestHeader: PWideChar;
sbResponseHtml: HCkStringBuilder;
sbResponse: HCkStringBuilder;
sbStartLine: HCkStringBuilder;
numReplacements: Integer;
authVerifier: PWideChar;
accessToken: PWideChar;
accessTokenSecret: PWideChar;
json: HCkJsonObject;
fac: HCkFileAccess;

begin
success := False;

consumerKey := 'keystring';
consumerSecret := 'shared_secret';

// Specify one or more SPACE separated scopes as query params in the requestTokenUrl
// See https://www.etsy.com/developers/documentation/getting_started/oauth#section_permission_scopes
requestTokenUrl := 'https://openapi.etsy.com/v2/oauth/request_token?scope=email_r%20listings_r%20listings_w%20listings_d';
authorizeUrl := 'https://www.etsy.com/oauth/signin';
accessTokenUrl := 'https://openapi.etsy.com/v2/oauth/access_token';

// The port number is picked at random. It's some unused port that won't likely conflict with anything else..
callbackUrl := 'http://localhost:3017/';
callbackLocalPort := 3017;

// The 1st step in 3-legged OAuth1.0a is to send a POST to the request token URL to obtain an OAuth Request Token
http := CkHttp_Create();

CkHttp_putOAuth1(http,True);
CkHttp_putOAuthConsumerKey(http,consumerKey);
CkHttp_putOAuthConsumerSecret(http,consumerSecret);
CkHttp_putOAuthCallback(http,callbackUrl);

req := CkHttpRequest_Create();
CkHttpRequest_putHttpVerb(req,'POST');
CkHttpRequest_putContentType(req,'application/x-www-form-urlencoded');

resp := CkHttpResponse_Create();
success := CkHttp_HttpReq(http,requestTokenUrl,req,resp);
if (success = False) then
  begin
    Memo1.Lines.Add(CkHttp__lastErrorText(http));
    Exit;
  end;

// If successful, the resp.BodyStr contains something like this:  
// login_url=https%3A%2F%2Fwww.etsy.com%2Foauth%2Fsignin%3Foauth_consumer_key%3D9ad9l1omxzbwfr2niq0ce1ly%26oauth_token%3D7116b4d0c72c2736561853d9e50113%26service%3Dv2_prod&oauth_token=7116b4d0c72c2736561853d9e50113&oauth_token_secret=3b7612b5d3&oauth_callback_confirmed=true&oauth_consumer_key=9ad9l1omxzbwfr2niq0ce1ly&oauth_callback=http%3A%2F%2Flocalhost%3A3017%2F
Memo1.Lines.Add(CkHttpResponse__bodyStr(resp));

// We'll need this for later..
hashTab := CkHashtable_Create();
CkHashtable_AddQueryParams(hashTab,CkHttpResponse__bodyStr(resp));

requestToken := CkHashtable__lookupStr(hashTab,'oauth_token');
requestTokenSecret := CkHashtable__lookupStr(hashTab,'oauth_token_secret');
CkHttp_putOAuthTokenSecret(http,requestTokenSecret);

Memo1.Lines.Add('oauth_token = ' + requestToken);
Memo1.Lines.Add('oauth_token_secret = ' + requestTokenSecret);

// ---------------------------------------------------------------------------
// The next step is to form a URL to send to the authorizeUrl
// This is an HTTP GET that we load into a popup browser.
sbUrlForBrowser := CkStringBuilder_Create();
CkStringBuilder_Append(sbUrlForBrowser,authorizeUrl);
CkStringBuilder_Append(sbUrlForBrowser,'?');
CkStringBuilder_Append(sbUrlForBrowser,CkHttpResponse__bodyStr(resp));
url := CkStringBuilder__getAsString(sbUrlForBrowser);

// When the url is loaded into a browser, the response from Etsy will redirect back to localhost:3017
// We'll need to start a socket that is listening on port 3017 for the callback from the browser.
listenSock := CkSocket_Create();

backLog := 5;
success := CkSocket_BindAndListen(listenSock,callbackLocalPort,backLog);
if (success = False) then
  begin
    Memo1.Lines.Add(CkSocket__lastErrorText(listenSock));
    Exit;
  end;

// Wait for the browser's connection in a background thread.
// (We'll send load the URL into the browser following this..)
// Wait a max of 60 seconds before giving up.
sock := CkSocket_Create();
maxWaitMs := 60000;
task := CkSocket_AcceptNextAsync(listenSock,maxWaitMs,sock);
CkTask_Run(task);

// Launch the system's default browser navigated to the URL.
oauth2 := CkOAuth2_Create();
success := CkOAuth2_LaunchBrowser(oauth2,url);
if (success = False) then
  begin
    Memo1.Lines.Add(CkOAuth2__lastErrorText(oauth2));
    Exit;
  end;

// Wait for the listenSock's task to complete.
success := CkTask_Wait(task,maxWaitMs);
if (not success or (CkTask_getStatusInt(task) <> 7) or (CkTask_getTaskSuccess(task) <> True)) then
  begin
    if (not success) then
      begin
        // The task.LastErrorText applies to the Wait method call.
        Memo1.Lines.Add(CkTask__lastErrorText(task));
      end
    else
      begin
        // The ResultErrorText applies to the underlying task method call (i.e. the AcceptNextConnection)
        Memo1.Lines.Add(CkTask__status(task));
        Memo1.Lines.Add(CkTask__resultErrorText(task));
      end;
    CkTask_Dispose(task);
    Exit;
  end;

// If we get to this point, the connection from the browser arrived and was accepted.

// We no longer need the listen socket...
// Stop listening on port 3017.
CkSocket_Close(listenSock,10);

CkTask_Dispose(task);

// Read the start line of the request..
startLine := CkSocket__receiveUntilMatch(sock,#13#10);
if (CkSocket_getLastMethodSuccess(sock) = False) then
  begin
    Memo1.Lines.Add(CkSocket__lastErrorText(sock));
    Exit;
  end;

// Read the request header.
requestHeader := CkSocket__receiveUntilMatch(sock,#13#10 + #13#10);
if (CkSocket_getLastMethodSuccess(sock) = False) then
  begin
    Memo1.Lines.Add(CkSocket__lastErrorText(sock));
    Exit;
  end;

// The browser SHOULD be sending us a GET request, and therefore there is no body to the request.
// Once the request header is received, we have all of it.
// We can now send our HTTP response.
sbResponseHtml := CkStringBuilder_Create();
CkStringBuilder_Append(sbResponseHtml,'<html><body><p>Chilkat thanks you!</b></body</html>');

sbResponse := CkStringBuilder_Create();
CkStringBuilder_Append(sbResponse,'HTTP/1.1 200 OK' + #13#10);
CkStringBuilder_Append(sbResponse,'Content-Length: ');
CkStringBuilder_AppendInt(sbResponse,CkStringBuilder_getLength(sbResponseHtml));
CkStringBuilder_Append(sbResponse,#13#10);
CkStringBuilder_Append(sbResponse,'Content-Type: text/html' + #13#10);
CkStringBuilder_Append(sbResponse,#13#10);
CkStringBuilder_AppendSb(sbResponse,sbResponseHtml);

CkSocket_SendString(sock,CkStringBuilder__getAsString(sbResponse));
CkSocket_Close(sock,50);

// The information we need is in the startLine.
// For example, the startLine will look like this:
//  GET /?oauth_token=a3bc8bec84acc31418b68a532e9511&oauth_verifier=b5558d37 HTTP/1.1
sbStartLine := CkStringBuilder_Create();
CkStringBuilder_Append(sbStartLine,startLine);
numReplacements := CkStringBuilder_Replace(sbStartLine,'GET /?','');
numReplacements := CkStringBuilder_Replace(sbStartLine,' HTTP/1.1','');
CkStringBuilder_Trim(sbStartLine);

// oauth_token=a3bc8bec84acc31418b68a532e9511&oauth_verifier=b5558d37
Memo1.Lines.Add('startline: ' + CkStringBuilder__getAsString(sbStartLine));

CkHashtable_Clear(hashTab);
CkHashtable_AddQueryParams(hashTab,CkStringBuilder__getAsString(sbStartLine));

requestToken := CkHashtable__lookupStr(hashTab,'oauth_token');
authVerifier := CkHashtable__lookupStr(hashTab,'oauth_verifier');

// ------------------------------------------------------------------------------
// Finally , we must exchange the OAuth Request Token for an OAuth Access Token.

CkHttp_putOAuthToken(http,requestToken);
CkHttp_putOAuthVerifier(http,authVerifier);

CkHttpRequest_putHttpVerb(req,'POST');
CkHttpRequest_putContentType(req,'application/x-www-form-urlencoded');

success := CkHttp_HttpReq(http,accessTokenUrl,req,resp);
if (success = False) then
  begin
    Memo1.Lines.Add(CkHttp__lastErrorText(http));
    Exit;
  end;

// Make sure a successful response was received.
if (CkHttpResponse_getStatusCode(resp) <> 200) then
  begin
    Memo1.Lines.Add(CkHttpResponse__statusLine(resp));
    Memo1.Lines.Add(CkHttpResponse__header(resp));
    Memo1.Lines.Add(CkHttpResponse__bodyStr(resp));
    Exit;
  end;

// If successful, the resp.BodyStr contains something like this:
// oauth_token=7898d7ba280dc791586dcfd26b37a9&oauth_token_secret=f2a7c267aa
Memo1.Lines.Add(CkHttpResponse__bodyStr(resp));

CkHashtable_Clear(hashTab);
CkHashtable_AddQueryParams(hashTab,CkHttpResponse__bodyStr(resp));

accessToken := CkHashtable__lookupStr(hashTab,'oauth_token');
accessTokenSecret := CkHashtable__lookupStr(hashTab,'oauth_token_secret');

// The access token + secret is what should be saved and used for
// subsequent REST API calls.
Memo1.Lines.Add('Access Token = ' + accessToken);
Memo1.Lines.Add('Access Token Secret = ' + accessTokenSecret);

// Save this access token for future calls.
// Just in case we need user_id and screen_name, save those also..
json := CkJsonObject_Create();
CkJsonObject_AppendString(json,'oauth_token',accessToken);
CkJsonObject_AppendString(json,'oauth_token_secret',accessTokenSecret);

fac := CkFileAccess_Create();
CkFileAccess_WriteEntireTextFile(fac,'qa_data/tokens/etsy.json',CkJsonObject__emit(json),'utf-8',False);

Memo1.Lines.Add('Success.');

CkHttp_Dispose(http);
CkHttpRequest_Dispose(req);
CkHttpResponse_Dispose(resp);
CkHashtable_Dispose(hashTab);
CkStringBuilder_Dispose(sbUrlForBrowser);
CkSocket_Dispose(listenSock);
CkSocket_Dispose(sock);
CkOAuth2_Dispose(oauth2);
CkStringBuilder_Dispose(sbResponseHtml);
CkStringBuilder_Dispose(sbResponse);
CkStringBuilder_Dispose(sbStartLine);
CkJsonObject_Dispose(json);
CkFileAccess_Dispose(fac);

end;