Currently oAuth v1.0, v1.0a are the only ways to authorize your application.
We've also adopted Problem Reporting Extension.
PLAINTEXT (Not recommended)
XSRF Protection and callback
We'r accepting "oauth_callback" only in request_token. If absent then we'r using callback defined in consumer. If both absent then we'r rendering "oauth_verifier" on screen.
You can also disable default callback by specifyin
case sensitive (out-of-band). We'll render oauth_verifier on screen.oauth_callback=oob
Getting Access token
"oauth_verifier" should be used while exchanging request token. Please consult OAuth 1.0a spec.
By default we issue an access token with permission which you asked while registering your application, however you can also apply for "write" permission and it includes read-write-delete permission.
How to get "write" permission?
Please send an additional parameter "perms=write" while sending authorization request.
Eviscape use internal permission, in order to fetch post, member should have permission to read those posts else you'll be give an InsufficientAppPerm error.
Access token is usually granted for 12 months by default but can be granted for maximum of 24 month. All other tokens are granted for 1 hour.