Pinterest API Example in PHP

This sample application demonstrates how to use the Pinterest API in PHP. It first uses OAuth 2.0 to get an access token, and then uses the access token to get user and Pin information from the API.

 * @license Apache License Version 2.0, January 2004
 * @link https://github.com/pinterest/api-quickstart
 */

/* This code is common to both the initial page and the callback page. */
session_start();

/* Reminder: this code requires PHP version 8. */
$client_id = getenv('PINTEREST_APP_ID');
$redirect_uri = 'http://localhost:8085/';

if (!$client_id) { ?>

You must run ". ../common/scripts/api_env" before starting the PHP server to run this demo.

Callback

This page is the callback from the OAuth 2.0 authorization page. It should be displayed when following the demo without automatic redirect or if there is some sort of error.

This page recognizes that it is the callback because the GET request for it carries a code parameter. You can see this code in the address bar of the browser.

The code (which should normally be kept secret) is:

The state parameter is a random string that is generated by the application on the initial page. It is used to prevent cross-site request forgery attacks. If you look at the request in the address bar of the browser, you'll see the state parameter in the URL that was generated by the Pinterest OAuth server.
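
The state check described above, as an added example that is not part of the Pinterest quickstart code. The function names and the oauth_state session key are assumptions, and plain arrays stand in for $_SESSION and $_GET so the script runs from the command line.

```php
<?php
declare(strict_types=1);

/* Added example: function names and the 'oauth_state' session key are
   assumptions, not taken from the Pinterest quickstart. */

/* Initial page: create an unguessable state and remember it server-side. */
function new_oauth_state(array &$session): string
{
    $state = bin2hex(random_bytes(16)); /* 128 bits from the CSPRNG */
    $session['oauth_state'] = $state;
    return $state; /* goes into the authorization URL as state=... */
}

/* Callback page: accept the request only if its state matches the session. */
function verify_oauth_state(array &$session, array $query): bool
{
    $expected = $session['oauth_state'] ?? null;
    unset($session['oauth_state']); /* single use: a replayed callback fails */
    $actual = $query['state'] ?? null;
    if (!is_string($expected) || !is_string($actual)) {
        return false; /* no state stored, none sent, or state[]=x sent as array */
    }
    return hash_equals($expected, $actual); /* constant-time comparison */
}

/* Constructed demo: plain arrays stand in for $_SESSION and $_GET. */
$session = [];
$results = [];

new_oauth_state($session);
$forged = ['code' => 'constructed-code', 'state' => str_repeat('0', 32)];
$results['forged state'] = verify_oauth_state($session, $forged);

new_oauth_state($session);
$results['missing state'] = verify_oauth_state($session, ['code' => 'constructed-code']);

$state = new_oauth_state($session);
$callback = ['code' => 'constructed-code', 'state' => $state];
$results['matching callback'] = verify_oauth_state($session, $callback);
$results['replayed callback'] = verify_oauth_state($session, $callback);

foreach ($results as $label => $ok) {
    printf("%-18s %s\n", $label, $ok ? 'accepted' : 'rejected');
}
```

Because the stored state is discarded on every verification attempt, a failed check forces the flow to restart from the initial page with a fresh state.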

The state parameter in the request matches the state in the session, so the request is valid. This state is currently:

Security Issue: The state in the request does not match the state in the session.
Expected:
Actual:

To recover from this problem, you can click this button to start over:

Access Token

The next step is to use the code returned by the Pinterest API to get an access token.

    "authorization_code",
    "code" => $_GET['code'],
    "redirect_uri" => $redirect_uri,
);
$data = http_build_query($params); /* encode URL parameters */

$curl = curl_init();
curl_setopt_array(
    $curl,
    array(
        CURLOPT_URL => $auth_url,
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_ENCODING => "",
        CURLOPT_MAXREDIRS => 10,
        CURLOPT_TIMEOUT => 30,
        CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
        CURLOPT_CUSTOMREQUEST => "POST",
        CURLOPT_POSTFIELDS => $data,
        CURLOPT_HTTPHEADER => $headers
    )
);
$result_json = curl_exec($curl); /* call the Pinterest API */
/* extract JSON into structure */
$result = json_decode($result_json, true);
curl_close($curl);

/* $result is null when the request fails or the body is not valid JSON;
   array_key_exists() on null throws a TypeError in PHP 8 */
if (is_array($result) && array_key_exists('access_token', $result)) {
    $_SESSION['access_token'] = $result['access_token']; ?>

Here is the access token returned by the API:

Ordinarily, this access token would be saved in a database or other persistent storage. For this demo, it is saved in the session. It also shouldn't be printed out in cleartext, but it's printed here for demonstration purposes.

Next Step

Since this instance of the demo does not automatically redirect, the next step is to click this button to continue to the demo page:

Or you can click this button to start over:

There was an error getting the access token.

Here is the JSON returned by the API that should provide insight into the error:

To recover from this problem, you can click this button to start over:

Initial Page

Click this button to see each step in the OAuth process:

For real applications, the callback page should not be shown to the user.
Click this button to see this normal flow where the callback page is skipped.