I want to use the OSM API in my C# application to edit data coming from my app. I was just wondering about authentication. I know the API has both basic http authentication and OAuth. Which one is the better option? Since you have to input your username+password for basic http authentation, won't this be insecure?

And when using OAuth, how will this work exactly? You have to make a request of some sort and it will return a token which you can use to sign requests with? I'm not very familiar with OAuth, so any help would be appreciated on this.

For clarification: My app will have a list of restaurants coming from OSM. When a restaurant owner edits it's profile page (E.g. it's address), I will have to update this to OSM (According to the policies).

Yes, I'm fairly new to using APIs and brand new to using the OSM API, so any help would be greatly appreciated!

asked 11 Oct '16, 15:33

BasBouwhuis's gravatar image

BasBouwhuis
36337
accept rate: 0%


You definitely want to use OAuth this avoids storing login/password on the device completely.

Your app first needs to get a consumer key and a consumer secret, see https://www.openstreetmap.org/user/XXXXX/oauth_clients/new This is a one time action done by the developer of the app.

For the rest see for example https://marktrapp.com/blog/2009/09/17/oauth-dummies/

permanent link

answered 11 Oct '16, 23:29

SimonPoole's gravatar image

SimonPoole ♦
42.5k13309670
accept rate: 19%

edited 11 Oct '16, 23:29

Awesome, thanks! Quick question, how long are the request token and access token valid?

Edit: The API isn't supplying me with a oauth_verifier token when I grant access to the user.

I have gotten the oauth_token and oauth_token_secret when sending a request to the request token url.

I have also authorized this, by making a request to this url: http://api06.dev.openstreetmap.org/oauth/authorize. When I didn't have a callback url, it would just say it has granted me access. When I did provide a callback url, it would just go to the url with the already provided OAuth token, but nothing else.

When I made a request to http://api06.dev.openstreetmap.org/oauth/access_token with the tokens, I got an 401 Unauthorized error code.

What am I doing wrong?

(12 Oct '16, 08:19) BasBouwhuis

I'm fairly sure your base URL is wrong for the dev instance, IMHO it should be http://master.apis.dev.openstreetmap.org/ but I might be mistaken.

You are probably better off asking on the #osm-dev IRC channel (you may need to wait a while for an answer).

(12 Oct '16, 09:46) SimonPoole ♦

I read somewhere I should test my application against that url before using the real OSM url, it does work for everything but the access_token.

I'll ask around for getting the access_token, once again thank you very much!

(12 Oct '16, 09:55) BasBouwhuis
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×20
×3

question asked: 11 Oct '16, 15:33

question was seen: 5,584 times

last updated: 12 Oct '16, 09:55

powered by OSQA