Question:
Hi everyone, I’m trying to integrate with the ImmoScout API using OAuth 1.0a but I’m running into an issue. My current setup is using express
, axios
, and the oauth-1.0a
package.
The problem:
When I try to get the request token or access token, I receive the following error response:
<common:messages xmlns:common="http://rest.immobilienscout24.de/schema/common/1.0">
<message>
<messageCode>ERROR_BAD_REQUEST</messageCode>
<message>Inadequate OAuth consumer credentials.</message>
</message>
</common:messages>
My code:
Below is the code I’m using to authenticate and make API calls:
const express = require('express');
const bodyParser = require('body-parser');
const OAuth = require('oauth-1.0a');
const axios = require('axios');
const crypto = require('crypto');
const app = express();
app.use(bodyParser.urlencoded({ extended: true }));
const SANDBOX_URL = "https://rest.sandbox-immobilienscout24.de";
const REQUEST_TOKEN_URL = `${SANDBOX_URL}/restapi/security/oauth/request_token`;
const ACCESS_TOKEN_URL = `${SANDBOX_URL}/restapi/security/oauth/access_token`;
const ACCESS_CONFIRMATION_URL = `${SANDBOX_URL}/restapi/security/oauth/confirm_access`;
const RESOURCE_ENDPOINT_URL = `${SANDBOX_URL}/restapi/api/offer/v1.0/user/me/realestate/`;
const CLIENT_KEY = '';
const CLIENT_SECRET = '';
let requestTokenRepository = {};
let accessTokenRepository = {};
const oauth = OAuth({
consumer: { key: CLIENT_KEY, secret: CLIENT_SECRET },
signature_method: 'HMAC-SHA1',
hash_function(baseString, key) {
return crypto.createHmac('sha1', key).update(baseString).digest('base64');
},
});
// Initialize token exchange
app.get('/initialize-token-exchange', async (req, res) => {
const callbackUrl = `http://localhost:${process.env.PORT || 3000}/callback`;
const requestTokenParams = {
url: REQUEST_TOKEN_URL,
method: 'POST',
data: { oauth_callback: callbackUrl },
};
try {
const requestTokenResponse = await axios(requestTokenParams);
const requestToken = requestTokenResponse.data;
const userName = req.user.name;
requestTokenRepository[userName] = requestToken;
res.redirect(`${ACCESS_CONFIRMATION_URL}?oauth_token=${requestToken.oauth_token}`);
} catch (error) {
console.error(error);
res.status(500).send('Error obtaining request token');
}
});
// OAuth callback handling
app.get('/callback', async (req, res) => {
const { state, oauth_token, oauth_verifier } = req.query;
const userName = req.user.name;
if (state !== 'authorized') return res.status(401).send('Authorization was rejected.');
const latestRequestToken = requestTokenRepository[userName];
if (!latestRequestToken || latestRequestToken.oauth_token !== oauth_token) {
return res.status(400).send('Invalid request token.');
}
try {
const accessTokenParams = {
url: ACCESS_TOKEN_URL,
method: 'POST',
data: { oauth_verifier },
headers: oauth.toHeader(oauth.authorize(requestTokenParams, latestRequestToken)),
};
const accessTokenResponse = await axios(accessTokenParams);
accessTokenRepository[userName] = accessTokenResponse.data;
res.redirect('/load-real-estates');
} catch (error) {
console.error(error);
res.status(500).send('Error exchanging for access token');
}
});
// Load real estates
app.get('/load-real-estates', async (req, res) => {
const userName = req.user.name;
const accessToken = accessTokenRepository[userName];
if (!accessToken) return res.redirect('/initialize-token-exchange');
try {
const resourceParams = {
url: RESOURCE_ENDPOINT_URL,
method: 'GET',
headers: oauth.toHeader(oauth.authorize(resourceParams, accessToken)),
};
const realEstatesResponse = await axios(resourceParams);
res.send(realEstatesResponse.data);
} catch (error) {
console.error(error);
res.status(500).send('Error loading real estates');
}
});
// Start server
const PORT = process.env.PORT || 3000;
app.listen(PORT, () => {
console.log(`Server is running on http://localhost:${PORT}`);
});
Questions:
- Is there anything wrong with my OAuth implementation or the way I’m signing the requests?
- Could this issue be related to incorrect scopes, permissions, or API configuration?
- Are there specific headers or additional parameters I might be missing?
I’d appreciate any help or guidance to resolve this issue! Thanks in advance.
What I’ve tried:
- Double-checked the
CLIENT_KEY
andCLIENT_SECRET
to ensure they are correct. - Used both sandbox and production URLs.
- Made sure that the callback URL is correctly set to
http://localhost:3000/callback
. - Validated my request token logic, but I still get the “Inadequate OAuth consumer credentials” error.