Kick-start brand new XING API with Ruby and OAuth

8th March 2012 – 741 words

Recently, the Social Network released it’s public (closed) beta to API developers. The API uses OAuth for Authentication and REST for the URL design. Here, I want to show, how you make basic requests via XING API. For this example, I will query the user’s profile information (education, professional background etc.)

First, get an Consumer Key and Consumer Secret from

Install required Rubygem OAuth, which simplifies the OAuth process:

gem install oauth

OAuth usually consist of several steps.

When a user visit your website/App the first time, he will have to allow your application to act in his name. So, your app have to generate some keys, redirect the user to XING, and after he come back, he has the important params “oauth_token” and “oauth_secret”. These you can store in your database. The next time, the user visits your site, you can just take the params from the database, and do not have to pull the user through above process again.

Here a minimal class for that purpose:

require "json"
require "oauth"
module XingApi
  # the first functionality of our api: get current user's profile information
  module User
    def current_user
      http = token.get "/v1/users/me"

  class Connector
    include User

    attr_accessor :consumer, :request_token, :token

    def initialize(token, secret, callback)
      @callback = callback
      @consumer =
        :request_token_path => '/v1/request_token',
        :authorize_path     => '/v1/authorize',
        :access_token_path  => '/v1/access_token',
        :site               => ''

    def get_request_token
      @request_token = @consumer.get_request_token(:oauth_callback => @callback)

    def authorize_url
      @request_token.authorize_url(:oauth_callback => @callback)

    def auth_token(params)
      @token = @request_token.get_access_token params

    # Use this method, when user come back again, to generate a new access token
    # auth token and secret
    def from_auth_token_and_secret(token, secret)
      @token = OAuth::AccessToken.from_hash(@consumer,
                                     :oauth_token => token,
                                     :oauth_token_secret => secret)

    def token
      @token || raise( "Please use either #auth_token or #from_auth_token_and_secret to set the AuthToken first" )


To use the api:

# open up a new connection, provide your CONSUMER KEY and SECRET, as well as your
# callback URL, which handles the further authentication step
# after the user accepted your app, he will be redirected to that url
# each of the further steps requires that connect object

# on your register/create... page:
  # redirect the user to that url to
  puts @connect.authorize_url

# on your callback page:
  # initialize the auth token with the params given from the GET request to your page
    :oauth_token => params[:oauth_token],
    :oauth_verifier => params[:oauth_verifier])

  # now you can store both the access token and secret inside your DB:
  @connect.token.token  # e.g. 7ff8789787
  @connect.token.secret # e.g. a278b98c78

  # from this point, you can now use that API
  #-> {"educational_background"=>{"qualifications"=>[], ....

# you can now use the API on behalf of the user any time like:
  @connect.from_auth_token_and_secret  user.oauth_token, user.oauth_secret


Maybe later, I will form that into a gem, but until now, that is just a prove of concept. Thanks to XING for (finally) bringing that API out :)