Authorization Code Grant
1. Login
Returns the login page where the user authenticates.
Endpoint:
GET /{langCode}/auth
Headers:
Content-Type: application/x-www-form-urlencoded
Query:
response_type=code
client_id={app’s client_id}
redirect_uri={redirect uri}
autoDarkMode={1|0}
1 - OS theme
0 - light theme
2. Receiving the one-time access code
After the login process is completed, the server redirects the user to the provided redirect_uri
with the generated access code included as a URL parameter.
Endpoint:
HTTP/1.1 302 Found
Headers:
Location: {redirect_uri}
Query:
code={generated one time access code}
3. Retrieving an access token
Authentication token endpoint: POST /api/auth/token
If authentication succeeds, you'll receive an access token that must be provided to every other API endpoint.
Example Request
Endpoint:
POST /api/auth/token
Headers:
Content-Type: application/json
Query:
grant_type="authorization_code"
scope="{scopes}"
client_id={app client_id}
client_secret={app secret}
code={generated one time access code}
Example Response
{
"access_token": "{your_bearer_token}",
"token_type": "Bearer",
"expires_in": 1800,
"scope": "{granted scopes}"
}
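
The client side of the three steps above, as an added example that is not part of the original API documentation: it builds the step 1 login URL, accepts the step 2 code only when the callback matches the registered redirect_uri, and validates the step 3 response before the token is used. The host, client_id, redirect URI and sample values are constructed, and space-separated scopes are an assumption.

```python
import json
import time
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed values for illustration; none of them come from the page.
BASE = "https://auth.example.test"
CLIENT_ID = "demo-client"
REDIRECT_URI = "https://app.example.test/cb"

def login_url(lang_code="en", auto_dark_mode=1):
    """Step 1: URL of the login page the user's browser is sent to."""
    query = urlencode({"response_type": "code", "client_id": CLIENT_ID,
                       "redirect_uri": REDIRECT_URI,
                       "autoDarkMode": auto_dark_mode})
    return f"{BASE}/{lang_code}/auth?{query}"

def extract_code(callback_url):
    """Step 2: take the code only from our own redirect_uri, exactly once."""
    got, want = urlsplit(callback_url), urlsplit(REDIRECT_URI)
    if (got.scheme, got.netloc, got.path) != (want.scheme, want.netloc, want.path):
        raise ValueError("callback does not match the registered redirect_uri")
    codes = parse_qs(got.query).get("code", [])
    if len(codes) != 1:  # missing, empty or repeated parameter
        raise ValueError("expected exactly one non-empty code parameter")
    return codes[0]

def parse_token_response(body, requested_scopes, now=None):
    """Step 3: validate the token response before the token is used."""
    data = json.loads(body)
    if str(data.get("token_type", "")).lower() != "bearer":
        raise ValueError("unexpected token_type")
    token, ttl = data.get("access_token"), data.get("expires_in")
    if not isinstance(token, str) or not token:
        raise ValueError("missing access_token")
    if not isinstance(ttl, int) or ttl <= 0:
        raise ValueError("invalid expires_in")
    # Assumption: scopes are space-separated, as in standard OAuth 2.0.
    granted = set(str(data.get("scope", "")).split())
    issued = time.time() if now is None else now
    return {"access_token": token, "expires_at": issued + ttl,
            "missing_scopes": sorted(set(requested_scopes) - granted)}

if __name__ == "__main__":
    # Constructed callback URL and response body, shaped like the page's examples.
    print(login_url("en", 1))
    code = extract_code("https://app.example.test/cb?code=abc123")
    body = ('{"access_token": "tok-constructed", "token_type": "Bearer", '
            '"expires_in": 1800, "scope": "read"}')
    print(code, parse_token_response(body, ["read", "write"], now=1000))
```

The returned expires_at lets the client stop using the token once the 1800-second lifetime has passed, and missing_scopes shows when the server granted less than was requested.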