Sample code for 30+ languages & platforms
.NET Core C#

Etsy OAuth1 Authorization

See more Etsy Examples

Demonstrates 3-legged OAuth1 authorization for Etsy.

Chilkat .NET Core C# Downloads

.NET Core C#
bool success = false;

string consumerKey = "keystring";
string consumerSecret = "shared_secret";

// Specify one or more SPACE separated scopes as query params in the requestTokenUrl
// See https://www.etsy.com/developers/documentation/getting_started/oauth#section_permission_scopes
string requestTokenUrl = "https://openapi.etsy.com/v2/oauth/request_token?scope=email_r%20listings_r%20listings_w%20listings_d";
string authorizeUrl = "https://www.etsy.com/oauth/signin";
string accessTokenUrl = "https://openapi.etsy.com/v2/oauth/access_token";

// The port number is picked at random. It's some unused port that won't likely conflict with anything else..
string callbackUrl = "http://localhost:3017/";
int callbackLocalPort = 3017;

// The 1st step in 3-legged OAuth1.0a is to send a POST to the request token URL to obtain an OAuth Request Token
Chilkat.Http http = new Chilkat.Http();

http.OAuth1 = true;
http.OAuthConsumerKey = consumerKey;
http.OAuthConsumerSecret = consumerSecret;
http.OAuthCallback = callbackUrl;

Chilkat.HttpRequest req = new Chilkat.HttpRequest();
req.HttpVerb = "POST";
req.ContentType = "application/x-www-form-urlencoded";

Chilkat.HttpResponse resp = new Chilkat.HttpResponse();
success = http.HttpReq(requestTokenUrl,req,resp);
if (success == false) {
    Debug.WriteLine(http.LastErrorText);
    return;
}

// If successful, the resp.BodyStr contains something like this:  
// login_url=https%3A%2F%2Fwww.etsy.com%2Foauth%2Fsignin%3Foauth_consumer_key%3D9ad9l1omxzbwfr2niq0ce1ly%26oauth_token%3D7116b4d0c72c2736561853d9e50113%26service%3Dv2_prod&oauth_token=7116b4d0c72c2736561853d9e50113&oauth_token_secret=3b7612b5d3&oauth_callback_confirmed=true&oauth_consumer_key=9ad9l1omxzbwfr2niq0ce1ly&oauth_callback=http%3A%2F%2Flocalhost%3A3017%2F
Debug.WriteLine(resp.BodyStr);

// We'll need this for later..
Chilkat.Hashtable hashTab = new Chilkat.Hashtable();
hashTab.AddQueryParams(resp.BodyStr);

string requestToken = hashTab.LookupStr("oauth_token");
string requestTokenSecret = hashTab.LookupStr("oauth_token_secret");
http.OAuthTokenSecret = requestTokenSecret;

Debug.WriteLine("oauth_token = " + requestToken);
Debug.WriteLine("oauth_token_secret = " + requestTokenSecret);

// ---------------------------------------------------------------------------
// The next step is to form a URL to send to the authorizeUrl
// This is an HTTP GET that we load into a popup browser.
Chilkat.StringBuilder sbUrlForBrowser = new Chilkat.StringBuilder();
sbUrlForBrowser.Append(authorizeUrl);
sbUrlForBrowser.Append("?");
sbUrlForBrowser.Append(resp.BodyStr);
string url = sbUrlForBrowser.GetAsString();

// When the url is loaded into a browser, the response from Etsy will redirect back to localhost:3017
// We'll need to start a socket that is listening on port 3017 for the callback from the browser.
Chilkat.Socket listenSock = new Chilkat.Socket();

int backLog = 5;
success = listenSock.BindAndListen(callbackLocalPort,backLog);
if (success == false) {
    Debug.WriteLine(listenSock.LastErrorText);
    return;
}

// Wait for the browser's connection in a background thread.
// (We'll send load the URL into the browser following this..)
// Wait a max of 60 seconds before giving up.
Chilkat.Socket sock = new Chilkat.Socket();
int maxWaitMs = 60000;
Chilkat.Task task = listenSock.AcceptNextAsync(maxWaitMs,sock);
task.Run();

// Launch the system's default browser navigated to the URL.
Chilkat.OAuth2 oauth2 = new Chilkat.OAuth2();
success = oauth2.LaunchBrowser(url);
if (success == false) {
    Debug.WriteLine(oauth2.LastErrorText);
    return;
}

// Wait for the listenSock's task to complete.
success = task.Wait(maxWaitMs);
if (!success || (task.StatusInt != 7) || (task.TaskSuccess != true)) {
    if (!success) {
        // The task.LastErrorText applies to the Wait method call.
        Debug.WriteLine(task.LastErrorText);
    }
    else {
        // The ResultErrorText applies to the underlying task method call (i.e. the AcceptNextConnection)
        Debug.WriteLine(task.Status);
        Debug.WriteLine(task.ResultErrorText);
    }

    return;
}

// If we get to this point, the connection from the browser arrived and was accepted.

// We no longer need the listen socket...
// Stop listening on port 3017.
listenSock.Close(10);

// Read the start line of the request..
string startLine = sock.ReceiveUntilMatch("\r\n");
if (sock.LastMethodSuccess == false) {
    Debug.WriteLine(sock.LastErrorText);
    return;
}

// Read the request header.
string requestHeader = sock.ReceiveUntilMatch("\r\n\r\n");
if (sock.LastMethodSuccess == false) {
    Debug.WriteLine(sock.LastErrorText);
    return;
}

// The browser SHOULD be sending us a GET request, and therefore there is no body to the request.
// Once the request header is received, we have all of it.
// We can now send our HTTP response.
Chilkat.StringBuilder sbResponseHtml = new Chilkat.StringBuilder();
sbResponseHtml.Append("<html><body><p>Chilkat thanks you!</b></body</html>");

Chilkat.StringBuilder sbResponse = new Chilkat.StringBuilder();
sbResponse.Append("HTTP/1.1 200 OK\r\n");
sbResponse.Append("Content-Length: ");
sbResponse.AppendInt(sbResponseHtml.Length);
sbResponse.Append("\r\n");
sbResponse.Append("Content-Type: text/html\r\n");
sbResponse.Append("\r\n");
sbResponse.AppendSb(sbResponseHtml);

sock.SendString(sbResponse.GetAsString());
sock.Close(50);

// The information we need is in the startLine.
// For example, the startLine will look like this:
//  GET /?oauth_token=a3bc8bec84acc31418b68a532e9511&oauth_verifier=b5558d37 HTTP/1.1
Chilkat.StringBuilder sbStartLine = new Chilkat.StringBuilder();
sbStartLine.Append(startLine);
int numReplacements = sbStartLine.Replace("GET /?","");
numReplacements = sbStartLine.Replace(" HTTP/1.1","");
sbStartLine.Trim();

// oauth_token=a3bc8bec84acc31418b68a532e9511&oauth_verifier=b5558d37
Debug.WriteLine("startline: " + sbStartLine.GetAsString());

hashTab.Clear();
hashTab.AddQueryParams(sbStartLine.GetAsString());

requestToken = hashTab.LookupStr("oauth_token");
string authVerifier = hashTab.LookupStr("oauth_verifier");

// ------------------------------------------------------------------------------
// Finally , we must exchange the OAuth Request Token for an OAuth Access Token.

http.OAuthToken = requestToken;
http.OAuthVerifier = authVerifier;

req.HttpVerb = "POST";
req.ContentType = "application/x-www-form-urlencoded";

success = http.HttpReq(accessTokenUrl,req,resp);
if (success == false) {
    Debug.WriteLine(http.LastErrorText);
    return;
}

// Make sure a successful response was received.
if (resp.StatusCode != 200) {
    Debug.WriteLine(resp.StatusLine);
    Debug.WriteLine(resp.Header);
    Debug.WriteLine(resp.BodyStr);
    return;
}

// If successful, the resp.BodyStr contains something like this:
// oauth_token=7898d7ba280dc791586dcfd26b37a9&oauth_token_secret=f2a7c267aa
Debug.WriteLine(resp.BodyStr);

hashTab.Clear();
hashTab.AddQueryParams(resp.BodyStr);

string accessToken = hashTab.LookupStr("oauth_token");
string accessTokenSecret = hashTab.LookupStr("oauth_token_secret");

// The access token + secret is what should be saved and used for
// subsequent REST API calls.
Debug.WriteLine("Access Token = " + accessToken);
Debug.WriteLine("Access Token Secret = " + accessTokenSecret);

// Save this access token for future calls.
// Just in case we need user_id and screen_name, save those also..
Chilkat.JsonObject json = new Chilkat.JsonObject();
json.AppendString("oauth_token",accessToken);
json.AppendString("oauth_token_secret",accessTokenSecret);

Chilkat.FileAccess fac = new Chilkat.FileAccess();
fac.WriteEntireTextFile("qa_data/tokens/etsy.json",json.Emit(),"utf-8",false);

Debug.WriteLine("Success.");