Developers can choose to receive signed getPOIs requests. The signing will conform to OAuth signing requests and the signing parameters can be set for each layer using the Layar Publishing Website. Only HMAC-SHA1 signature method is supported. The Signature Base String is generated using:
- The HTTP method: GET
- The URL for the request: e.g. http://layarapi.example.net/mylayer/getpoi
- The normalized request parameters, including the oauth request parameters, excluding oauth_signature. The oauth request parameters used by the Layar Developer API are: oauth_consumer_key, oauth_signature_method, oauth_timestamp, oauth_nonce, oauth_body_hash and oauth_version.
Key Steps to Implement
Configuration on the Publishing Site
On the publishing site, we need to enable OAuth signing under the API endpoint tab.
Implement OAuth signing mechanism in your web service
Once OAuth signing is enabled on the publishing site, oauth parameters will be passed through the getPOIs request. Twitter has a great introduction to how OAuth works when accessing an API. The official OAuth specification can be found here. You need to implement 2-legged OAuth signing in your web service. There are many open source libraries for all kinds of languages that implement OAuth for you. One of our layer developers, Mobius, has posted a How to tutorial on how to implement it in PHP.
A good place to test your OAuth library or implementation is the OAuth Sandbox.