OAuth 1.0
OAuth 1.0 is a legacy authentication protocol still used by some APIs (notably Twitter v1.1 API). It signs each request with an HMAC signature.
Setup
- Select OAuth 1.0 from the Auth type dropdown
- Fill in:
| Field | Description |
|---|---|
| Consumer Key | Your OAuth 1.0 consumer key (API key) |
| Consumer Secret | Your OAuth 1.0 consumer secret |
| Access Token | OAuth access token |
| Token Secret | OAuth token secret |
| Signature Method | HMAC-SHA1 (default) or PLAINTEXT |
| Add params to | Header (recommended) or Query Params |
How it Works
Rostyman computes and signs the request in the Electron main process. The signature covers:
- HTTP method
- Request URL
- All parameters (OAuth params + query params)
- Timestamp and nonce (generated automatically per request)
The resulting Authorization: OAuth ... header is added automatically.
Signature Methods
| Method | Security |
|---|---|
HMAC-SHA1 | Standard — use this for most APIs |
PLAINTEXT | No hashing — only use over HTTPS |
Variables
All fields support {{variables}}:
Consumer Key: {{oauthConsumerKey}}
Consumer Secret: {{oauthConsumerSecret}}
Access Token: {{oauthToken}}
Token Secret: {{oauthTokenSecret}}