You should use an existing OAuth library for your application instead of implementing the protocol yourself. Numerous reusable libraries in many languages exist for use with OAuth. For a complete list of libraries, see the official OAuth project's Code section. This page contains some examples of very simple consumers.

Python using rauth library

The following code depicts a simple Python consumer:

from rauth import OAuth1Service

def get_session():
    # Create a new consumer at{username}/api
    CONSUMER_KEY = raw_input('Enter your Bitbucket consumer key: ')
    CONSUMER_SECRET = raw_input('Enter your Bitbucket consumer secret: ')

    # API URLs from

    # Create the service
    bitbucket = OAuth1Service(name='bitbucket',

    # Change CALL_BACK to something that listens for a callback
    # with oauth_verifier in the URL params and automatically stores
    # the verifier.
    CALL_BACK = 'http://localhost?dump'

    # Make the request for a token, include the callback URL.
    rtoken, rtoken_secret = bitbucket.get_request_token(params={'oauth_callback': CALL_BACK})

    # Use the token to rquest an authorization URL.
    authorize_url = bitbucket.get_authorize_url(rtoken)

    # Send the user to Bitbucket to authenticate. The CALL_BACK is the
    # URL. The URL is redirected to after success. Normally, your
    # application automates this whole exchange.
    print 'Visit %s in new browser window.' % (authorize_url)

    # You application should also automated this rather than request
    # it from the user.
    oauth_verifier = raw_input('Enter oauth_verifier here: ')

    # Returns a session to Bitbucket using the verifier from above.
    return bitbucket.get_auth_session(rtoken, rtoken_secret, data={'oauth_verifier': oauth_verifier})

if __name__ == '__main__':
    session = get_session()

    username = raw_input('Enter a username: ')
    repo_slug = raw_input('Enter a repository slug: ')

    url = '' % (username, repo_slug)
    resp = session.get(url)
    print resp.json()