diff --git a/boot.php b/boot.php
index 8dcc3b56b..ad75a2d25 100755
--- a/boot.php
+++ b/boot.php
@@ -651,6 +651,7 @@ class App {
 	public  $observer   = null;            // xchan record of the page observer
 	public  $profile_uid = 0;              // If applicable, the channel_id of the "page owner"
 	public  $poi        = null;            // "person of interest", generally a referenced connection
+	private $oauth_key  = null;            // consumer_id of oauth request, if used
 	public  $layout     = array();         // Comanche parsed template
 	public  $pdl        = null;
 	private $perms      = null;            // observer permissions
@@ -934,6 +935,7 @@ class App {
 		$this->observer = $xchan;
 	}
 
+
 	function get_observer() {
 		return $this->observer;
 	}
@@ -946,6 +948,14 @@ class App {
 		return $this->perms;
 	}
 
+	function set_oauth_key($consumer_id) {
+		$this->oauth_key = $consumer_id;
+	}
+
+	function get_oauth_key() {
+		return $this->oauth_key;
+	}
+
 	function get_apps() {
 		return $this->apps;
 	}
diff --git a/include/api.php b/include/api.php
index 12247c183..788a84208 100644
--- a/include/api.php
+++ b/include/api.php
@@ -78,11 +78,14 @@ require_once('include/items.php');
 //			list($consumer,$token) = $oauth->verify_request(OAuthRequest::from_request());
 			if (!is_null($token)){
 				$oauth->loginUser($token->uid);
+
+				$a->set_oauth_key($consumer->key);
+
 				call_hooks('logged_in', $a->user);
 				return;
 			}
 			echo __file__.__line__.__function__."<pre>"; 
-			var_dump($consumer, $token); 
+//			var_dump($consumer, $token); 
 			die();
 		}
 		catch(Exception $e) {
diff --git a/include/oauth.php b/include/oauth.php
index 8eb8a83d8..ec754db95 100644
--- a/include/oauth.php
+++ b/include/oauth.php
@@ -20,19 +20,21 @@ class FKOAuthDataStore extends OAuthDataStore {
 		logger(__function__.":".$consumer_key);
 //      echo "<pre>"; var_dump($consumer_key); killme();
 
-		$r = q("SELECT client_id, pw, redirect_uri FROM clients WHERE client_id='%s'",
+		$r = q("SELECT client_id, pw, redirect_uri FROM clients WHERE client_id = '%s'",
 			dbesc($consumer_key)
 		);
 
-		if (count($r))
+		if($r) {
+			get_app()->set_oauth_key($consumer_key);
 			return new OAuthConsumer($r[0]['client_id'],$r[0]['pw'],$r[0]['redirect_uri']);
+		}
 		return null;
   }
 
   function lookup_token($consumer, $token_type, $token) {
 		logger(__function__.":".$consumer.", ". $token_type.", ".$token);
 
-		$r = q("SELECT id, secret,scope, expires, uid  FROM tokens WHERE client_id='%s' AND scope='%s' AND id='%s'",
+		$r = q("SELECT id, secret, scope, expires, uid  FROM tokens WHERE client_id = '%s' AND scope = '%s' AND id = '%s'",
 			dbesc($consumer->key),
 			dbesc($token_type),
 			dbesc($token)
@@ -51,7 +53,7 @@ class FKOAuthDataStore extends OAuthDataStore {
   function lookup_nonce($consumer, $token, $nonce, $timestamp) {
 //		echo __file__.":".__line__."<pre>"; var_dump($consumer,$key); killme();
 
-		$r = q("SELECT id, secret  FROM tokens WHERE client_id='%s' AND id='%s' AND expires=%d",
+		$r = q("SELECT id, secret FROM tokens WHERE client_id = '%s' AND id = '%s' AND expires = %d",
 			dbesc($consumer->key),
 			dbesc($nonce),
 			intval($timestamp)
@@ -132,6 +134,7 @@ class FKOAuthDataStore extends OAuthDataStore {
 }
 
 class FKOAuth1 extends OAuthServer {
+
 	function __construct() {
 		parent::__construct(new FKOAuthDataStore());
 		$this->add_signature_method(new OAuthSignatureMethod_PLAINTEXT());
diff --git a/include/permissions.php b/include/permissions.php
index 68ff2b3d4..f63c6da18 100644
--- a/include/permissions.php
+++ b/include/permissions.php
@@ -65,6 +65,10 @@ function get_perms() {
  */
 function get_all_perms($uid, $observer_xchan, $internal_use = true) {
 
+	$api = get_app()->get_oauth_key();
+	if($api)
+		return get_all_api_perms($uid,$api);	
+
 	$global_perms = get_perms();
 
 	// Save lots of individual lookups
@@ -265,6 +269,10 @@ function get_all_perms($uid, $observer_xchan, $internal_use = true) {
  */
 function perm_is_allowed($uid, $observer_xchan, $permission) {
 
+	$api = get_app()->get_oauth_key();
+	if($api)
+		return api_perm_is_allowed($uid,$api,$permission);
+
 	$arr = array(
 		'channel_id'    => $uid,
 		'observer_hash' => $observer_xchan,
@@ -388,6 +396,82 @@ function perm_is_allowed($uid, $observer_xchan, $permission) {
 	return false;
 }
 
+function get_all_api_perms($uid,$api) {	
+
+	$global_perms = get_perms();
+
+	$ret = array();
+
+	$r = q("select * from xperm where xp_client = '%s' and xp_channel = %d",
+		dbesc($api),
+		intval($uid)
+	);
+
+	if(! $r)
+		return false;
+
+	$allow_all = false;
+	$allowed = array();
+	foreach($r as $rr) {
+		if($rr['xp_perm'] === 'all')
+			$allow_all = true;
+		if(! in_array($rr['xp_perm'],$allowed))
+			$allowed[] = $rr['xp_perm'];
+	}
+
+	foreach($global_perms as $perm_name => $permission) {
+		if($allow_all || in_array($perm_name,$allowed))
+			$ret[$perm_name] = true;
+		else
+			$ret[$perm_name] = false;
+
+	}
+
+	$arr = array(
+		'channel_id'    => $uid,
+		'observer_hash' => $observer_xchan,
+		'permissions'   => $ret);
+
+	call_hooks('get_all_api_perms',$arr);
+
+	return $arr['permissions'];
+
+}
+
+
+function api_perm_is_allowed($uid,$api,$permission) {
+
+	$arr = array(
+		'channel_id'    => $uid,
+		'observer_hash' => $observer_xchan,
+		'permission'    => $permission,
+		'result'        => false
+	);
+
+	call_hooks('api_perm_is_allowed', $arr);
+	if($arr['result'])
+		return true;
+
+	$r = q("select * from xperm where xp_client = '%s' and xp_channel = %d and ( xp_perm = 'all' OR xp_perm = '%s' )",
+		dbesc($api),
+		intval($uid),
+		dbesc($permission)
+	);
+
+	if(! $r)
+		return false;
+
+	foreach($r as $rr) {
+		if($rr['xp_perm'] === 'all' || $rr['xp_perm'] === $permission)
+			return true;
+
+	}
+
+	return false;
+
+}
+
+
 
 // Check a simple array of observers against a permissions
 // return a simple array of those with permission
diff --git a/util/shredder/ShredOAuth.sh b/util/shredder/ShredOAuth.sh
index 9828124c7..f39d6f7c4 100755
--- a/util/shredder/ShredOAuth.sh
+++ b/util/shredder/ShredOAuth.sh
@@ -128,7 +128,7 @@ FO_statuses_update () {
     $(OAuth_param 'status' "$2")
     )
   
-  params[${#params[@]}]=$(OAuth_param 'source' "shred")
+  params[${#params[@]}]=$(OAuth_param 'source' "shredder")
   
   [[ "$3" != "" ]] && params[${#params[@]}]=$(OAuth_param 'in_reply_to_status_id' "$3") && local in_reply_to_status_id=( '--data-urlencode' "in_reply_to_status_id=$3" )