Tips: Authenticating to Pearson LearningStudio with oAuth1.0

In the Pearson application there are 2 types of authentication methods, oAuth1.0 and oAuth2.0.

Pearson LearningStudio API supports both OAuth 1.0 and OAuth 2.0 authentication methods.

When building an integration to communicate with Pearson LearningStudio we used the OAuth 1.0 module. Here is an example of how to get the authentication working:


1) Prepare all the required credentials:

  1. request_url
  2. consumer_key
  3. application_id
  4. consumer_secret
  5. timestamp
  6. nonce


2) Generate the timestamp. You should convert current time to seconds.

Code snippet:

long timeStamp = new Date().getTime()/1000;


3) Generate nonce, a random alphanumeric string. You can only use numbers or letters, you can’t just use letters. This nonce needs to be unique per request. Any duplicate nonce value will be rejected. The nonce must not exceed 32 characters.

Code snippet:

Random nonceGenerator = new SecureRandom();
// Any number between 0 to 999999999
long nonce = nonceGenerator.nextInt(999999999);


4) Prepare the signatureBaseString.

Code snippet:

// Method such as GET or POST in upper case

String method = method.toUpperCase();

// Prepare the resource path and encode it

String resourcePath = “/courses/10000”;

String encodedResourcePath = URLEncoder.encode(resourcePath, “UTF8”);

// Make sure that this string is URL encoded. For example ‘=’ is encoded to %3D

String signatureBaseString = method + “&” + encodedResourcePath + “&application_id%3D” +

applicationID + “%26oauth_consumer_key%3D” + consumerKey + “%26oauth_nonce%3D” + nonce + “%26oauth_signature_method%3DCMAC-AES%26oauth_timestamp%3D” + timeStamp;


5) Prepare the signature by signing the signatureBaseString with the consumer secret.


6) Use Base64 to encode the signature to produce the encodedSignature.


7) Once it’s ready you can use it to build the X-Authroization header using the follow format:

String authHeader = “OAuth realm=\”” + baseURL + “\”,oauth_consumer_key=\”” + consumerKey + “\”,application_id=\”” +

applicationID + “\”, oauth_signature_method=\”CMAC-AES\”,oauth_timestamp=\”” + timeStamp + “\”,oauth_nonce=\”” + nonce + “\”,oauth_signature=\”” + encodedSignature + “\””;