To illustrate the responses we get from the OAuth 2.0 protocol a little bit, let's take a look at the following request made on the command line:

curl -XGET http://zf2-api/api/wall/tbhot3ww

If we try to get the wall of a user without specifying the OAuth 2.0 access token as we did in the preceding curl request, we will receive the following response:

{"errorCode":401,"errorMsg":"Unauthorized"}

Now let's try to follow the OAuth 2.0 flow in order to make a successful request. The first thing we need to do is log in to the system and get a

l -XPOST http://zf2-api/api/users/login
--data-urlencode "username=tbhot3ww" 
--data-urlencode "password=111111" 
--data-urlencode "grant_type=client_credentials" 
--data-urlencode "client_id=zf2-client" 
--data-urlencode "client_secret=mysupersecretpass"

As you can see, we are sending the username, password, grant_type, client_id, and the client_secret parameters in the curl request. On our PHP code, the ApiClient object is taking care of this.

{
    "access_token":"3c90975e915d84b444d420703b5d7aca73a4f101",
    "expires_in":3600,
    "token_type":"bearer",
    "scope":null
}

This is how the response of the API will look. As you can see the response includes an access token, which can be used for future requests.

Finally, as we have the access token, we can perform another curl request including it to receive the wall data.

curl http://zf2-api/api/wall/tbhot3ww?access_token=3c90975e915d84b444d420703b5d7aca73a4f101

This is how the request looks like with the access token. If you are following this example, remember that you will get a different access token than mine and you will have to update the curl request accordingly.

After issuing the request, you will receive a response that looks as follows:

{"feed":[
    {
        "id":"2",
        "user_id":"1",
        "url":"http://www.google.es",
        "title":"Google",
        "created_at":"2013-06-0122:22:55",
        "updated_at":null
    },
    {
        "id":"2",
        "user_id":"1",
        ...