rev. 228
Introduction
Sign up
Examples
services/apiref
issue
method
method_index
services/apisrv
installation
installations
stats
services/caches
geocache
geocaches
services/caches/formatters
garmin
gpx
services/caches/search
all
bbox
nearest
services/caches/shortcuts
search_and_retrieve
services/logs
logs
submit
userlogs
services/oauth
access_token
authorize
request_token
services/users
by_internal_id
by_internal_ids
by_username
by_usernames
user
users

The OKAPI Project
:: OpenCaching API Reference

OKAPI is a public API project for National OpenCaching sites (also known as OpenCaching Nodes).

  • It provides your site with a set of useful well-documented API methods,
  • Allows external developers to easily read public OpenCaching data,
  • Allows read and write private (user-related) data with OAuth 3-legged authentication.

The project is aiming to become a standard API for all National OpenCaching.xx sites. This OKAPI installation provides API for the http://www.opencaching.us/ site. Check out other OKAPI installations:

How can I use OKAPI?

We assume that you're a software developer and you know the basics.

OKAPI is a set of simple (REST) web services. Basicly, you make a proper HTTP request, and you receive a JSON-formatted data, that you may parse and use within your own application.

Example. Click the following link to run a method that prints out the list of all available methods:

You've made your first OKAPI request! This method was a simple one. It didn't require any arguments and it didn't require you to use a Consumer Key. Other methods are more complex and require you to use your own API key.

Authentication Levels

Each OKAPI method has a minimum authentication level.

This means, that if you want to call a method which requires "Level 1" authentication, you have to use "Level 1" authentication or higher ("Level 2" or "Level 3" will also work).

Important: Most developers will only need to use "Level 1" authentication and don't have to care about OAuth.

  • Level 0. Anonymous. You may call this method with no extra arguments.

    some_method?arg=44

  • Level 1. Simple Consumer Authentication. You must call this method with consumer_key argument and provide the key which has been generated for your application on the Sign up page.

    some_method?arg=44&consumer_key=a7Lkeqf8CjNQTL522dH8

  • Level 2. OAuth Consumer Signature. You must call this method with proper OAuth Consumer signature (based on your Consumer Secret).

    some_method
    ?arg=44
    &oauth_consumer_key=a7Lkeqf8CjNQTL522dH8
    &oauth_nonce=1987981
    &oauth_signature_method=HMAC-SHA1
    &oauth_timestamp=1313882320
    &oauth_version=1.0
    &oauth_signature=mWEpK2e%2fm8QYZk1BMm%2fRR74B3Co%3d

  • Level 3. OAuth Consumer+Token Signature. You must call this method with proper OAuth Consumer+Token signature (based on both Consumer Secret and Token Secret).

    some_method
    ?arg=44
    &oauth_consumer_key=a7Lkeqf8CjNQTL522dH8
    &oauth_nonce=2993717
    &oauth_signature_method=HMAC-SHA1
    &oauth_timestamp=1313882596
    &oauth_token=AKQbwa28Afp1YvQAqSyK
    &oauth_version=1.0
    &oauth_signature=qbNiWkUS93fz6ADoNcjuJ7psB%2bQ%3d

GET or POST?

Whichever you want. OKAPI will treat GET and POST requests as equal. You may also use the HTTP Authorization header for passing OAuth arguments. OKAPI does not allow usage of PUT and DELETE requests.

Common formatting parameters

Most of the methods return simple objects, such as list and dictionaries of strings and integers. Such objects can be formatted in several ways using common formatting parameters:

  • format - name of the format in which you'd like your result to be returned in. Currently supported output formats:

    • json - JSON format (default),

      Important: Use Chrome or Firefox extensions to view JSON results directly in your browser. This simplifies debugging a lot!

    • jsonp - JSONP format, if you choose this one, you have to specify the callback parameter,
    • xmlmap - XML format. This is produced by mapping JSON datatypes to XML elements. Keep in mind, that XML format is larger than JSON and it takes more time to generate. Try to use JSON when it's possible.
  • callback - (when using JSONP output format) name of the JavaScript function to be executed with the result as its parameter.

Important: Almost all of the returned datatypes are extendible. This means, that (in future) they may contain data that you do not expect to be there. Such data will be included in backward-compatible manner, but still you should remember about it in some cases (i.e. when iterating over attributes of an object). The additional data might include special elements in GPX files or special keys in JSON responses. Your software must ignore such occurances if it doesn't understand them!

Some methods expose some special formatting of their own, for example, they may return a JPEG or a GPX file. Such methods do not accept common formatting parameters.

OAuth Dance URLs

If you want to use Level 3 methods, you will have to make "the OAuth dance" (series of method calls and redirects which provide you with an Access Token).

The three OAuth request URLs defined in the OAuth specification are:

Things you should pay attantion to:

  • The oauth_callback argument of the request_token method is required.

    As the OAuth 1.0a specification states, it should be set to "oob" or a callback URL in case you have a web front-end for your application.

    For most OAuth client libraries, you just should provide "http://www.opencaching.us/okapi/services/oauth/request_token?oauth_callback=oob" as the request_token URL, to get it started. Later, probably you'd want to switch "oob" to something else.

  • The oauth_verifier argument of the access_token method is also required.

    When user authorizes your application, he will receive a PIN code (OAuth verifier). You have to use this code to receive your Access Token.

  • Access Tokens do not expire (but can be revoked). This means, that once the user authorizes your application, you receive a "lifetime access" to his/her account (it does not expire after several hours). User may still revoke access to his account from your application - when this happens, you will have to redo the autorization dance.

How can I participate in OKAPI development?

OKAPI is Open Source and everyone is welcome to participate in the development. In fact, if you'd like a particular method to exist, we encourage you to submit your patches.

We have our Issue tracker. You can use it to contact us!
You may also contact some of the developers directly, if you want.

Visit project homepage for details: http://code.google.com/p/opencaching-api/

List of available methods

Currently available OKAPI web services (methods):