OAUTH 1.0A REQUEST SIGNING HANDLER

OAuth 1.0a Request Signing Handler

Published July 2020

    •    Updated November 2025

Plugin details

OAuth 1.0a uses the Authorization header as a way to authenticate the client to the OAuth Provider itself using Bubble API Connector.

This Authorization header is required to use, for instance but not limited to, to Twitter (https://developer.twitter.com/en/docs/basics/authentication/oauth-1-0a) or the Noun Project APIs.

Providing an App (a.k.a Consumer, Client) key/secret pair, and optionally token key/secret pair, this plugin action generates the Authorization header to re-use in an API GET or POST signed call.

Sample Authorisation header returned by the plugin: 
Authorization: OAuth oauth_consumer_key = "CONSUMER_API_KEY", oauth_nonce = "OAUTH_NONCE", oauth_signature = "OAUTH_SIGNATURE", oauth_signature_method = "HMAC-SHA1", oauth_timestamp = "OAUTH_TIMESTAMP", oauth_token = "ACCESS_TOKEN", oauth_version = "1.0".

The demo application link: https://oauth10a-demo.bubbleapps.io/version-test

💡 𝗦𝘂𝗯𝘀𝗰𝗿𝗶𝗽𝘁𝗶𝗼𝗻𝘀 𝗮𝗿𝗲 𝗽𝗿𝗼𝗿𝗮𝘁𝗲𝗱. 𝗜𝗳 𝘆𝗼𝘂 𝗶𝗻𝘀𝘁𝗮𝗹𝗹 𝗮𝗻𝗱 𝘂𝗻𝘀𝘂𝗯𝘀𝗰𝗿𝗶𝗯𝗲 𝘁𝗵𝗶𝘀 𝗽𝗹𝘂𝗴𝗶𝗻 𝗶𝗻 𝗼𝗻𝗲 𝗱𝗮𝘆 𝘁𝗼 𝘁𝗲𝘀𝘁 𝗶𝘁 𝗼𝘂𝘁, 𝘆𝗼𝘂'𝗹𝗹 𝗼𝗻𝗹𝘆 𝗯𝗲 𝗰𝗵𝗮𝗿𝗴𝗲𝗱 𝟭/𝟯𝟬𝘁𝗵 𝗼𝗳 𝘁𝗵𝗲 𝗺𝗼𝗻𝘁𝗵𝗹𝘆 𝘀𝘂𝗯𝘀𝗰𝗿𝗶𝗽𝘁𝗶𝗼𝗻 𝗳𝗲𝗲.

📖 𝗦𝘁𝗲𝗽-𝗯𝘆-𝗦𝘁𝗲𝗽 𝗶𝗻𝘀𝘁𝗿𝘂𝗰𝘁𝗶𝗼𝗻𝘀 𝗮𝗿𝗲 𝘁𝗵𝗲 "𝗜𝗻𝘀𝘁𝗿𝘂𝗰𝘁𝗶𝗼𝗻𝘀" 𝘀𝗲𝗰𝘁𝗶𝗼𝗻 𝗮𝗻𝗱 𝗗𝗲𝗺𝗼 𝗘𝗱𝗶𝘁𝗼𝗿 𝗶𝘀 𝗶𝗻 𝘁𝗵𝗲 "𝗟𝗶𝗻𝗸𝘀" 𝘀𝗲𝗰𝘁𝗶𝗼𝗻 𝗼𝗳 𝘁𝗵𝗲 𝗣𝗹𝘂𝗴𝗶𝗻 𝗣𝗮𝗴𝗲.

Contact us at [email protected] for any support question.

$19

One time • Or $5/mo

 stars   •   0 ratings

54 installs  

This plugin does not collect or track your personal data.

Platform

Web & Native mobile

Contributor details

wise:able

Joined 2020   •   122 Plugins

View contributor profile

Instructions

GENERATE OAUTH1.0A HEADER
===========================

ACTION DESCRIPTION
--------------------------------

  GENERATE OAUTH1.0A HEADER returns the Authorisation header, used to sign the API Request to be re-used in the API Call, using Bubble API Connector.

STEP-BY-STEP SETUP
--------------------------------

0) Generate your API Consumer key/secret pair (and optionally token key/secret pair) on the service that provides the API.

1) In a workflow, use the "Generate OAuth1.0a Header" action, enter the required information and the Base URL. 

The base URL is the URL to which the request is directed, minus any query string or hash parameters. It is important to use the correct protocol here, so make sure that the “https://” portion of the URL matches the actual request sent to the API.

    Inputs Fields :
      - CONSUMER KEY: Consumer or App key, provided by the API service to call.
      - CONSUMER SECRET: Consumer or App Secret, provided by the API service to call.
      - TOKEN KEY: Token key, optional depending on the API service to call.
      - TOKEN SECRET: Token Secret, optional depending on the API service to call.
      - BASE URL: The base URL is the URL to which the request is directed, minus any query string or hash parameters. It is important to use the correct protocol here, so make sure that the “https://” portion of the URL matches the actual request sent to the API.

    Output Fields : 
      - AUTHORIZATION: Returns the Authorisation header, used to sign the API Request to be re-used in the API Call, using Bubble API Connector.

2) Go to "Plugins" section, add the Bubble API Connector plugin, Define an API Name for a new API call, set "None or self-handled" as Authentication, click on "Expand", define a Name, configure the API Call URL (POST or GET) as Action (not Data), Data type JSON, and define a new Headers key named "authorization" and parameterised value as "[AuthHeader]" for instance, allowing to set the Header dynamically in the workflow. Also, set the Body type as JSON.

If you are not familiar with setting up an external API call in Bubble, please refer to the following ressources: 
- Bubble Manual: https://manual.bubble.io/building-plugins/adding-api-connections, the method used is "Private key in header".
- Bubble API Tutorial: https://bubble.io/page?type=page&name=index&id=learn&tab=tabs-1&lesson_ref=4&no_arrow=true.

3) Click on "Enter Manual Response" and fill in {"response":"OK"}. This is a temporary dummy response to make sure the action appears for the next step.

4) Back to the workflow, add after the "Generate OAuth1.0a Header" action your API call action defined at step 2, and map the output of the "Generate OAuth1.0a Header" action in the API Call "authorization" input parameter that you set up at the same step.

5) Initialize the API Call so that Bubble can parse the API response data format. To achieve this, you can either:
    - Set it manually: copy the API response format, typically from your API documentation, and paste it on "Manually enter API response" screen of the screen shown at step 2.
    - Set it automatically: the plugin prints in the Logs section of the application the generated header, which you can paste directly in the value field of Authorization, and use the button Reinitialize call. Do not forget to put back [AuthHeader] in the value field, as generated headers are time-sensitive and need to be regenerated.

IMPLEMENTATION EXAMPLE
======================
Feel free to browse the app editor in the Service URL for an implementation example.

TROUBLESHOOTING
================
Any plugin related error will be posted to the the Logs tab, "Server logs" section of your App Editor.
Make sure that "Plugin server side output" and "Plugin server side output" is selected in "Show Advanced".

> Server Logs Details: https://manual.bubble.io/core-resources/bubbles-interface/logs-tab#server-logs

QUESTIONS ?
===========
Contact us at [email protected] for any additional feature you would require or support questi

Types

This plugin can be found under the following types:

Action

Resources

Support contact

Documentation

Tutorial

Rating and reviews

No reviews yet

This plugin has not received any reviews.

Product

Bubble for

Discover

How Bubble works

Examples

Pricing

Learn

Resources

Community

Company

Legal

Terms

Privacy

©  2026, Bubble Group, Inc. All rights reserved.

Bubble uses cookies

Bubble uses cookies. By using our service you consent to all cookies in accordance with our Cookie Policy. Read more

Save & Close

I agree

I disagree

Show details

Strictly necessary

Performance

Targeting

Functionality

Unclassified

Cookie declaration

About cookies

Strictly necessary

Performance

Targeting

Functionality

Unclassified

Strictly necessary cookies allow core website functionality such as user login and account management. The website cannot be used properly without strictly necessary cookies.

Cookie report
Name	Provider / Domain	Expiration	Description
usprivacy	.bubble.io	1 year	This cookie stores the user's consent state regarding tracking and privacy in compliance with the United States privacy regulation.
__cf_bm	Cloudflare Inc. .calendly.com	29 minutes 45 seconds	This cookie is used to distinguish between humans and bots. This is beneficial for the website, in order to make valid reports on the use of their website.
__cf_bm	Cloudflare Inc. .clutch.co	29 minutes 55 seconds	This cookie is used to distinguish between humans and bots. This is beneficial for the website, in order to make valid reports on the use of their website.
li_gc	LinkedIn Corporation .linkedin.com	5 months 4 weeks	Used to store guest consent to the use of cookies for non-essential purposes
__cf_bm	Cloudflare Inc. .transformo.io	29 minutes 57 seconds	This cookie is used to distinguish between humans and bots. This is beneficial for the website, in order to make valid reports on the use of their website.
meta_u1main	.bubble.io	Session
__cf_bm	Cloudflare Inc. .lu.ma	29 minutes 44 seconds	This cookie is used to distinguish between humans and bots. This is beneficial for the website, in order to make valid reports on the use of their website.
meta_live_u2main.sig	.bubble.io	2 days 23 hours
_GRECAPTCHA	Google LLC www.google.com	5 months 4 weeks	Google reCAPTCHA sets a necessary cookie (_GRECAPTCHA) when executed for the purpose of providing its risk analysis.
__cf_bm	Cloudflare Inc. .producthunt.com	29 minutes 57 seconds	This cookie is used to distinguish between humans and bots. This is beneficial for the website, in order to make valid reports on the use of their website.
_GRECAPTCHA	Google LLC www.recaptcha.net	5 months 4 weeks	Google reCAPTCHA sets a necessary cookie (_GRECAPTCHA) when executed for the purpose of providing its risk analysis.
_gd_session	bubble.io	4 hours	This cookie manages user sessions on the website, ensuring that user interactions are recognized across various web requests. This helps in providing a consistent and accurate user experience.
_scid	Snap Inc. .bubble.io	1 year 1 month
opt_out	.postrelease.com	1 year	This cookie is used to track the user's decision to opt out of cookies on the website, indicating they have chosen not to have their data used for tracking and personalisation purposes.
AWSALBCORS	Amazon.com Inc. storm.birdie.so	6 days 23 hours	For continued stickiness support with CORS use cases after the Chromium update, we are creating additional stickiness cookies for each of these duration-based stickiness features named AWSALBCORS (ALB).
VISITOR_PRIVACY_METADATA	YouTube .youtube.com	5 months 4 weeks	This cookie is used to store the user's consent and privacy choices for their interaction with the site. It records data on the visitor's consent regarding various privacy policies and settings, ensuring that their preferences are honored in future sessions.
__cf_bm	Cloudflare Inc. .lumacdn.com	29 minutes 58 seconds	This cookie is used to distinguish between humans and bots. This is beneficial for the website, in order to make valid reports on the use of their website.
_tt_enable_cookie	.bubble.io	2 months 4 weeks	This cookie is used to remember the user's preferences regarding the use of cookies on the website.
AWSALBCORS	Amazon.com Inc. app.birdie.so	1 week	For continued stickiness support with CORS use cases after the Chromium update, we are creating additional stickiness cookies for each of these duration-based stickiness features named AWSALBCORS (ALB).
__cf_bm	Cloudflare Inc. .t.co	29 minutes 44 seconds	This cookie is used to distinguish between humans and bots. This is beneficial for the website, in order to make valid reports on the use of their website.
__cf_bm	Cloudflare Inc. .twitter.com	29 minutes 44 seconds	This cookie is used to distinguish between humans and bots. This is beneficial for the website, in order to make valid reports on the use of their website.
__cf_bm	Cloudflare Inc. .vimeo.com	29 minutes 58 seconds	This cookie is used to distinguish between humans and bots. This is beneficial for the website, in order to make valid reports on the use of their website.
__session	.gitbook.com	1 year 1 month	This cookie is used to maintain an anonymized user session by the server.
meta_live_u2main	.bubble.io	2 days 23 hours
CookieScriptConsent	CookieScript .bubble.io	1 year 1 month	This cookie is used by Cookie-Script.com service to remember visitor cookie consent preferences. It is necessary for Cookie-Script.com cookie banner to work properly.
meta-firebase_workflow	.bubble.io	59 minutes 21 seconds

Performance cookies are used to see how visitors use the website, eg. analytics cookies. Those cookies cannot be used to directly identify a certain visitor.

Cookie report
Name	Provider / Domain	Expiration	Description
X-AB	Stack Exchange Inc. sc-static.net	1 day
_ga_G4MHXCYE4T	.bubble.io	1 year 1 month	This cookie is used by Google Analytics to persist session state.
m	Stripe m.stripe.com	1 year 1 month	This cookie is generally used for performance and optimization of payment processing services, facilitating caching of content on the browser to make pages load faster.
_ttp	.bubble.io	2 months 4 weeks	This cookie is used to track user interaction and behavior on the website for site performance and usage analysis. This information is used to improve the user experience and optimize the website's functionality.
analytics_session_id	Cakemail .bubble.io	1 year	This cookie tracks user behavior throughout the session on the website, collecting data such as how long a visitor stays on a page and what links they click on. This information is used to improve user experience and website performance.
data-c	Media.net .media.net	4 weeks 2 days	This cookie is used to collect information on user behavior and interaction to enhance the user experience and measure website performance.
_gd_visitor	bubble.io	1 year 1 month	This cookie is used to track visitors' interactions with the website, collecting data on their behavior for analytics purposes. It helps in understanding how users engage with the site, which parts of the site are most visited, and how the navigation flow is structured, aiming to improve the user experience and site performance.
_ttp	.tiktok.com	2 months 4 weeks	This cookie is used to track user interaction and behavior on the website for site performance and usage analysis. This information is used to improve the user experience and optimize the website's functionality.
analytics_session_id.last_access	.bubble.io	1 year	This cookie is used to store the time of the last access by a user in an analytics session, helping in understanding user engagement and the effectiveness of the website content.
_ga_BFPVR2DEE2	.bubble.io	1 year 1 month	This cookie is used by Google Analytics to persist session state.
ahoy_visit	Teachable store.bubble.io	4 hours	This cookie is used to track a visitor's session, helping to understand how users interact with the site to improve user experience and functionality.
_ga_5Q4JP8E2X4	.bubble.io	1 year 1 month	This cookie is used by Google Analytics to persist session state.
_ga_CEPZJCHM3K	.bubble.io	1 year 1 month	This cookie is used by Google Analytics to persist session state.
data-c-ts	Media.net .media.net	4 weeks 2 days	This cookie is used to time-stamp and perform a time sync for users' sessions, ensuring accurate session time tracking.
_ga	Google LLC .bubble.io	1 year 1 month	This cookie name is associated with Google Universal Analytics - which is a significant update to Google's more commonly used analytics service. This cookie is used to distinguish unique users by assigning a randomly generated number as a client identifier. It is included in each page request in a site and used to calculate visitor, session and campaign data for the sites analytics reports. By default it is set to expire after 2 years, although this is customisable by website owners.
_ga_Y168TZXEQ5	.bubble.io	1 year 1 month	This cookie is used by Google Analytics to persist session state.
ajs_anonymous_id	Segment.io Inc. .bubble.io	1 year	These cookies are generally used for Analytics and help count how many people visit a certain site by tracking if you have visited before. This cookie has a lifespan of 1 year.
c	.bidswitch.net	1 year	This cookie is used to identify the frequency of visits and how the visitor accesses the website. It collects data on the user's visits to the website, such as which pages have been read.

Targeting cookies are used to identify visitors between different websites, eg. content partners, banner networks. Those cookies may be used by companies to build a profile of visitor interests or show relevant ads on other websites.

Cookie report
Name	Provider / Domain	Expiration	Description
YSC	Google LLC .youtube.com	Session	This cookie is set by YouTube to track views of embedded videos.
personalization_id	Twitter Inc. .twitter.com	1 year 1 month	This cookie carries out information about how the end user uses the website and any advertising that the end user may have seen before visiting the said website.
CMPRO	Casale Media Inc. .casalemedia.com	2 months 4 weeks	These cookies are linked to advertising and tracking the products users were looking at.
_scid_r	.bubble.io	1 year 1 month	This cookie is used for tracking purposes, helping to identify unique visitors across sessions and track their interactions and engagement on the website.
tv_UICR	.tremorhub.com	4 weeks 2 days	This cookie is used to track user interactions and engagement with the website's content to improve the service and content delivery. It can collect data on user behavior and preferences to facilitate targeted advertising and marketing strategies.
VISITOR_INFO1_LIVE	Google LLC .youtube.com	5 months 4 weeks	This cookie is set by Youtube to keep track of user preferences for Youtube videos embedded in sites;it can also determine whether the website visitor is using the new or old version of the Youtube interface.
tvid	Tremor Video DSP .tremorhub.com	1 year	This cookie is used for tracking user interaction and engagement with the website's content, helping in the improvement and optimization of online services provided. It may also be used for delivering personalized advertising experiences.
uid	.criteo.com	1 year	This cookie provides a uniquely assigned, machine-generated user ID and gathers data about activity on the website. This data may be sent to a 3rd party for analysis and reporting.
_uetsid	Microsoft Corporation .bubble.io	1 day	This cookie is used by Bing to determine what ads should be shown that may be relevant to the end user perusing the site.
lidc	Microsoft Corporation .linkedin.com	1 day	This is a Microsoft MSN 1st party cookie that ensures the proper functioning of this website.
_uetvid	Microsoft Corporation .bubble.io	1 year 3 weeks	This is a cookie utilised by Microsoft Bing Ads and is a tracking cookie. It allows us to engage with a user that has previously visited our website.
addshoppers	shop.pe	1 year 1 month	This cookie is used to track user interaction and sharing behavior on social media platforms, enabling personalized marketing and social media sharing capabilities.
_gcl_au	Google LLC .bubble.io	3 months	Used by Google AdSense for experimenting with advertisement efficiency across websites using their services
addshoppers.com	bubble.io	1 year 1 month	This cookie is associated with the AddShoppers social sharing platform, a technology that integrates with websites to enable tracking and sharing capabilities across social networks. It supports social media integration and can gather data regarding sharing and social interactions on the site to help understand user influence and to enhance marketing strategies.
CMID	Casale Media Inc. .casalemedia.com	1 year	These cookies are linked to advertising and tracking the products users were looking at.
bcookie	Microsoft Corporation .linkedin.com	1 year	This is a Microsoft MSN 1st party cookie for sharing the content of the website via social media.
tuuid_lu	.bidswitch.net	1 year	Contains a unique visitor ID, which allows Bidswitch.com to track the visitor across multiple websites. This allows Bidswitch to optimize advertisement relevance and ensure that the visitor does not see the same ads multiple times.
tuuid	.bidswitch.net	1 year	This cookie is mainly set by bidswitch.net to make advertising messages more relevant to the website visitor.
_fbp	Meta Platform Inc. .bubble.io	2 months 4 weeks	Used by Facebook to deliver a series of advertisement products such as real time bidding from third party advertisers
ab	.agkn.com	1 year	This cookie is generally provided by agkn.com and is used for advertising purposes.
demdex	Adobe Inc. .demdex.net	5 months 4 weeks	This cookie helps Adobe Audience Manger perform basic functions such as visitor identification, ID synchronization, segmentation, modeling, reporting, etc.
sc_at	Snap Inc. .snapchat.com	1 year
MUID	Microsoft Corporation .bing.com	1 year	This cookie is widely used my Microsoft as a unique user identifier. It can be set by embedded microsoft scripts. Widely believed to sync across many different Microsoft domains, allowing user tracking.
dpm	Adobe Inc. .dpm.demdex.net	5 months 4 weeks	Adobe Audience Manager - data management platform uses this cookie to record information around synchronisation of IDs.
CMPS	Casale Media Inc. .casalemedia.com	2 months 4 weeks	These cookies are linked to advertising and tracking the products users were looking at.

Functionality cookies are used to remember visitor information on the website, eg. language, timezone, enhanced content.

Cookie report
Name	Provider / Domain	Expiration	Description
ajs_anonymous_id	Segment.io Inc. .loom.com	1 year 1 month	These cookies are generally used for Analytics and help count how many people visit a certain site by tracking if you have visited before. This cookie has a lifespan of 1 year.
loom_anon_comment	Loom .loom.com	1 year 1 month	This cookie is used to differentiate anonymous users when they leave comments on holaspirit.com, enabling the identity of the commenter to remain unknown for privacy.
_cfuvid	.vimeo.com	Session	This cookie is used for purposes of tracking users across sessions to optimize user experience by maintaining session consistency and providing personalized services.
__stripe_mid	Stripe Inc. .bubble.io	1 year	This cookie is set by Stripe to distinguish users and enable secure payment processing during interactions with the website.
_cfuvid	.calendly.com	Session	This cookie is used for purposes of tracking users across sessions to optimize user experience by maintaining session consistency and providing personalized services.
ajs_anonymous_id	Segment.io Inc. demo.arcade.software	1 year	These cookies are generally used for Analytics and help count how many people visit a certain site by tracking if you have visited before. This cookie has a lifespan of 1 year.
__stripe_sid	Stripe Inc. .bubble.io	29 minutes 58 seconds	This cookie is set by Stripe to manage and process payments securely, allowing temporary storage of session related information during a users visit to the website.
loom_referral_video	Loom, Inc. .www.loom.com	Session	This cookie is used to track referrals and video plays across the website, enabling the website to attribute video views to the correct referral sources.
MSPTC	Microsoft .bat.bing.com	1 year	This cookie is used to track user engagement and interaction with the website to enhance customer experience and website functionality. It may collect information about how users navigate and use the site, helping to identify preferences and improve service delivery.
visitor-id	Media.net .media.net	1 year	This cookie is used to identify unique visitors across the website to provide a consistent and personalized experience.

Unclassified cookies are cookies that do not belong to any other category or are in the process of categorization.

Cookie report
Name	Provider / Domain	Expiration
__Secure-ROLLOUT_TOKEN	.youtube.com	5 months 4 weeks
ttcsid	.bubble.io	2 months 4 weeks
intercom-device-id-cz703g22	.bubble.io	8 months 4 weeks
intercom-session-cz703g22	.bubble.io	1 week
kwsu	ciqtracking.com	1 year 1 month
CrossDomainCookieScriptConsent_239	.crossdomain.cookie-script.com	1 year 1 month
__BROWSER__	store.bubble.io	Session
ahoy_visitor	store.bubble.io	1 year 1 month
bubble-certifications_live_u2main	.certification.bubble.io	3 days
_ScCbts	.bubble.io	1 week
_brilliant_session	.bubble.io	Session
bubble-certifications_live_u2main.sig	.certification.bubble.io	3 days
ttcsid_CRGSJIJC77UAMBH9S77G	.bubble.io	2 months 4 weeks
bubble-certifications_u1main	.certification.bubble.io	Session
_iub_cs-57859130-uspr	.bubble.io	1 year
intercom-id-cz703g22	.bubble.io	8 months 4 weeks
muc_ads	Twitter .t.co	1 year 1 month
upgrade_pv_1487181547537x364191731148390400	bubble.io	1 week

Cookies are small text files that are placed on your computer by websites that you visit. Websites use cookies to help users navigate efficiently and perform certain functions. Cookies that are required for the website to operate properly are allowed to be set without your permission. All other cookies need to be approved before they can be set in the browser.

You can change your consent to cookie usage at any time on our Privacy Policy page.

Your consent will also apply to the following websites:

bubble.io
flusk.eu