OAuth
The AEMP 2 API uses three-legged OAuth Security, an open protocol for authorization on the web. Your application must implement the three-legged flow described below to use this API.
 
  1. Create an Application profile on developer.deere.com
    When you create the application profile, a Client Key and Client Secret are assigned to your app. You will sign all API requests with these credentials.
    Learn how to set up an app profile in the Get Started Guide.

  2. Request a Request Token (passing Client key and Client secret).
    Request Token URI: https://developer.deere.com/oauth/oauth10/initiate

    Sign the request with your app ID and secret. Pass an oauth_callback parameter in the Authorization header. If you don't have a callback URI, pass oob instead. Passing oob makes the token and verifier appear on the screen, and the user then has to copy that information into the app.

  3. Redirect the user to the authentication URI (passing the token).
    Authentication URI: https://developer.deere.com/oauth/oauth10/token

    Verifier Code
    A callback URI can be used to remove the human interaction with the Verifier Code. Learn more about Callback URIs.

  4. Trade Request Token for Access Token.
    Authorization URI: https://developer.deere.com/oauth/auz/authorize

    Notes on Access Tokens:
    • They are valid for up to one year. You will have to request another token if the one you have is invalidated.
    • Each token is specific to one client and one resource owner.
    • You should store the access token and secret for each user, so that the user does not need to authorize every request made by the client.

Download OAuth sample application.
Note: This sample application uses MyJohnDeere API, not AEMP 2 API.
 
Callback URIs
After the user (resource owner) authorizes the Request Token, MyJohnDeere will redirect the user's browser to the callback URI provided when the client requested the Request Token. The Request Token and Token Verifier will be appended to the callback.
 
For example, if the provided callback is https://example.deere.com/my-great-app and the token is pMhq7hhTpeXV31hK2gz1, the browser will be redirected to https://example.deere.com/my-great-app?oauth_token=pMhq7hhTpeXV31hK2gz1&oauth_verifier=hu5ZN3.
 
The client application should process the oauth_token and oauth_verifier parameters and exchange them for an Access Token (which is then used for subsequent requests on behalf of this user).
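One way a client could process the callback before the exchange, shown as an added example that is not part of the John Deere documentation or sample application. It checks that the returned oauth_token is the Request Token this session was issued, and it uses each pending token only once. The `pending` store, `session_id` and the secret value are assumptions made for illustration.

```python
import hmac
from urllib.parse import parse_qs, urlsplit


class CallbackError(ValueError):
    """The callback could not be tied to a Request Token this client issued."""


def handle_callback(callback_uri, pending, session_id):
    """Validate the redirect and return the inputs for the Access Token exchange.

    `pending` (hypothetical store) maps a local session id to the
    (request_token, request_token_secret) pair saved in step 2.
    """
    query = parse_qs(urlsplit(callback_uri).query)
    params = {}
    for name in ("oauth_token", "oauth_verifier"):
        values = query.get(name, [])
        # Missing, empty or repeated parameters are ambiguous: refuse them.
        if len(values) != 1:
            raise CallbackError(f"expected exactly one {name}")
        params[name] = values[0]

    # pop() makes each pending token single use, so a replayed callback fails.
    entry = pending.pop(session_id, None)
    if entry is None:
        raise CallbackError("no pending Request Token for this session")
    request_token, request_secret = entry

    # Only accept the token this session started the flow with.
    if not hmac.compare_digest(request_token.encode(), params["oauth_token"].encode()):
        raise CallbackError("oauth_token does not match the pending Request Token")

    return {
        "oauth_token": request_token,
        "oauth_token_secret": request_secret,
        "oauth_verifier": params["oauth_verifier"],
    }


if __name__ == "__main__":
    # Constructed sample: the callback from the example above; the secret is made up.
    store = {"session-1": ("pMhq7hhTpeXV31hK2gz1", "constructed-secret")}
    uri = ("https://example.deere.com/my-great-app"
           "?oauth_token=pMhq7hhTpeXV31hK2gz1&oauth_verifier=hu5ZN3")
    print(handle_callback(uri, store, "session-1"))
```

The returned values are what the client signs the Access Token request with; a failed check leaves the user to restart the flow from the Request Token step.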
 
These steps work particularly well for web-based clients. Other clients have some other options.
  1. Clients can request an Out-of-Band verifier exchange by passing oob as the callback URI. In this case, MyJohnDeere will display the verifier to the user instead of redirecting their browser.
  2. Clients can register a custom protocol handler with their operating system, and use the custom protocol in their callback URI.
    For example, Acme Company might register the acme: protocol with the OS and include the callback URI acme:myGreatApp. When the browser redirects to acme:myGreatApp?oauth_token={token}&oauth_verifier={verifier}, the OS will hand the URI to the application registered to handle the acme: protocol.
One method to be avoided for capturing the verifier is to embed a web browser into the client application and capture its events. John Deere encourages our users to only enter their credentials into John Deere tools and websites. Given this expectation, users will be uncomfortable entering their credentials into third-party applications. As a result, this method is not allowed.