Hi! There's a new version available (api2), recommended for all new and future development.

We plan to continue to support the legacy version of the API well into 2017 (and later if you let us know), but we do recommend all developers migrate to the new api2 format as your development cycle allows. We strongly recommend that all new recipe and grocery API developers begin with http://api2.bigoven.com

Authentication Process

Pass the API Key with Every Request

You'll be passing your API key, issued to you when you're approved to use the API, with every request, as the parameter api_key.

In addition, if you'd like to do things at the BigOven.com user level, like see your favorites or post a review on behalf of a user, you'll need to pass authentication information for that BigOven user. That's different from your api_key; it's an encoded version of the user account information that you'll need to put in the request header.

The authentication process for this user-level part of the BigOven API is based on the HTTP Basic Access Authentication method defined by RFC 1945 (Hypertext Transfer Protocol – HTTP/1.0).

Required Steps

Every API call that requires user-level permissions must be made with a correctly set HTTP “Authorization” header. This header presents the user’s credentials to the api.bigoven.com server in Base64 format, which BigOven then decodes for verification. Base64 is a reversible encoding, not encryption, so anyone who can read the request can recover the username and password.

The following template demonstrates the process of generating the Authorization header for a given username and password combination. This simple example, taken from RFC 1945, considers a username “Aladdin” with the password “open sesame”.

| Step | Description | Value |
|------|-------------|-------|
| 1 | Username | Aladdin |
| 2 | Password | open sesame |
| 3 | Combined String | Aladdin:open sesame |
| 4 | Base64 Encoded Combined | QWxhZGRpbjpvcGVuIHNlc2FtZQ== |
| 5 | Authorization Header | Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ== |

A complete sample request would then take the form

    GET /private/index.html HTTP/1.0
    Host: localhost
    Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==

Fortunately for the API Client, most languages make both Base64 encoding and setting the Authorization header on a request a trivial process.

Not Always Necessary!

It is worth noting that not every API call requires the Authorization header to be set. BigOven public data may be requested without user credentials.

Generally, you'll want to pass authentication information to api.bigoven.com whenever you're doing something on the user's behalf, like posting a review, or fetching the profile of the currently logged-in user. General operations, like searching recipes, don't require user-level authentication. Remember that the user information you're passing isn't your user information as a developer; it's that of the user, which you collect in a login dialog and then Base64-encode as above to pass to BigOven.com for authentication.
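The steps in the table and the rule that only user-level calls carry the header, as an added Python example (not BigOven's own code): it builds the Authorization value, decodes it again to show that no secret is needed to read it, and attaches it only when user credentials are supplied. The placeholder URL, the UTF-8 encoding of the credentials and all function names are assumptions made for illustration.

```python
import base64
from typing import Optional, Tuple
from urllib.parse import urlencode
from urllib.request import Request


def basic_auth_header(username: str, password: str) -> str:
    """Steps 3-5 of the table: combine, Base64-encode, prefix with 'Basic '."""
    # The receiver splits on the first ':', so a colon in the username would
    # shift part of it into the password.
    if ":" in username:
        raise ValueError("username must not contain ':'")
    combined = f"{username}:{password}".encode("utf-8")  # UTF-8 is an assumption
    return "Basic " + base64.b64encode(combined).decode("ascii")


def decode_basic_auth(header_value: str) -> Tuple[str, str]:
    """Reverse the encoding. No key is involved, so the header is only as
    private as the transport that carries it."""
    scheme, _, token = header_value.partition(" ")
    if scheme.lower() != "basic" or not token:
        raise ValueError("not a Basic Authorization header")
    decoded = base64.b64decode(token, validate=True).decode("utf-8")
    username, sep, password = decoded.partition(":")
    if not sep:
        raise ValueError("missing ':' separator")
    return username, password


def build_request(url: str, api_key: str,
                  username: Optional[str] = None,
                  password: Optional[str] = None) -> Request:
    """Build (but do not send) a request: api_key on every call, the
    Authorization header only when acting for a user."""
    separator = "&" if "?" in url else "?"
    request = Request(url + separator + urlencode({"api_key": api_key}))
    if username is not None and password is not None:
        request.add_header("Authorization", basic_auth_header(username, password))
    return request


if __name__ == "__main__":
    # Constructed sample values; the URL is a placeholder, not a real endpoint.
    req = build_request("http://api.example.invalid/resource", "YOUR_API_KEY",
                        "Aladdin", "open sesame")
    print(req.full_url)
    print(req.get_header("Authorization"))
    print(decode_basic_auth(req.get_header("Authorization")))
```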