As long as you're able to get a request token you will be able to make these calls. Please see the Oauth flow instructions here. I'd recommend using the Opensocial 0.9 APIs for GETing user status.
Oauth 1.0 and 1.0A Steps - Making Proper API Calls:
Oauth 1.0
1. http://api.myspace.com/request_token?{oauth-signed-parameters} <http://api.myspace.com/request_token?%7boauth-signed-parameters%7d>
(signed oauth request, returns request_token and the secret in the body)
2. http://api.myspace.com/authorize?oauth_token={your-request-token}&oauth_callback={your-callback-url} <http://api.myspace.com/authorize?oauth_token=%7byour-request-token%7d_callback=%7byour-callback-url%7d <http://api.myspace.com/authorize?oauth_token=%7byour-request-token%7d&oauth_callback=%7byour-callback-url%7d> >
(on success authorizes the request_token so you can get an access_token and redirect you to callback)
3. http://api.myspace.com/access_token?oauth_token={your-request-token}&{oauth-signed-parameters} <http://api.myspace.com/access_token?oauth_token=%7byour-request-token%7d%7boauth-signed-parameters%7d <http://api.myspace.com/access_token?oauth_token=%7byour-request-token%7d&%7boauth-signed-parameters%7d> >
(signed oauth request, returns access_token and the secret in response body)
4. store the access_token and secret associated and use it to make other api calls
Oauth 1.0A
1. http://api.myspace.com/request_token?oauth_callback={your-callback-uri}&{more-oauth-signed-parameters} <http://api.myspace.com/request_token?oauth_callback=%7byour-callback-uri%7d%7bmore-oauth-signed-parameters%7d <http://api.myspace.com/request_token?oauth_callback=%7byour-callback-uri%7d&%7bmore-oauth-signed-parameters%7d> >
(signed oauth request, returns ex. oauth_token=ADiOqxLWJmtUH2vX6lB%EvqTseiJPPOp&oauth_token_secret=48ec4365fd62475b88ebaac47ba14&oauth_callback_confirmed=true)
(notice the additional parameter called oauth_callback_confirmed, this means it's 1.0A)
2. http://api.myspace.com/authorize?oauth_token={your-request-token} <http://api.myspace.com/authorize?oauth_token=%7byour-request-token%7d_callback=%7byour-callback-url%7d <http://api.myspace.com/authorize?oauth_token=%7byour-request-token%7d&oauth_callback=%7byour-callback-url%7d> >
(notice that there is no oauth_callback passed into this one)
(an additional parameter is returned on the callback redirect oauth_verifier=961d535d-d6ab-4507-91e8-35c79b8c6691)
3. http://api.myspace.com/access_token?oauth_token={your-request-token}&oauth_verifier={oauth-verifier-from-authorize}&{oauth-signed-parameters} <http://api.myspace.com/access_token?oauth_token=%7byour-request-token%7d_verifier=%7boauth-verifier-from-authorize%7d%7boauth-signed-parameters%7d <http://api.myspace.com/access_token?oauth_token=%7byour-request-token%7d&oauth_verifier=%7boauth-verifier-from-authorize%7d&%7boauth-signed-parameters%7d> >
(signed oauth request, returns access_token and the secret in response body)
Properly encoding your requests:
The base string needs to be percent encoded as below (that's a DIFFERENT scheme than url encoded!):
Base string
GET&http://api.myspace.com/access_token= <http://api.myspace.com/access_token&oauth_token=> {your-token}
GET is percent encoded and http://api.myspace.com/access_token is also percent encoded.
Each parameter in the base is percent encoded and then the whole thing is percent encoded, like so:
PercentEncode(PercentEncode(oauth_token)=PercentEncode({your-token}&other-parameters-done-the-same))
Percent encoding is defined in rfc3986:
http://tools.ietf.org/html/rfc3986
http://labs.apache.org/webarch/uri/rfc/rfc3986.html#percent-encoding
A percent-encoding mechanism is used to represent a data octet in a component when that octet's corresponding character is outside the allowed set or is being used as a delimiter of, or within, the component. A percent-encoded octet is encoded as a character triplet, consisting of the percent character "%" followed by the two hexadecimal digits representing that octet's numeric value. For example, "%20" is the percent-encoding for the binary octet "00100000" (ABNF: %x20), which in US-ASCII corresponds to the space character (SP). Section 2.4 describes when percent-encoding and decoding is applied.
pct-encoded = "%" HEXDIG HEXDIG
The uppercase hexadecimal digits 'A' through 'F' are equivalent to the lowercase digits 'a' through 'f', respectively. If two URIs differ only in the case of hexadecimal digits used in percent-encoded octets, they are equivalent. For consistency, URI producers and normalizers should use uppercase hexadecimal digits for all percent-encodings.
Also, be sure to exclude the status parameter from the base string used to generate your signature, and put it in the post body.
POSTing addendum: when you POST, you need to make sure the Content-Length header matches the size of the content in the body. Also, we attempt to read the OAuth parameters from the body content if the HTTP method is POST/PUT and the ContentType is application/x-www-form-urlencoded. If that is the case, we try to read the OAuth params from the key/value pairs.
Additionally, if you want a more thorough overview of the entirety of Oauth, please see the docs here: http://tools.ietf.org/html/draft-hammer-oauth-08
thanks,
Joel