Available since BellaDati 2.9.18
Process
Get the User’s Permission
Request Structure
| URL | https://service.belladati.com/auth/oauth/request |
|---|---|
| Method | POST |
| Parameters | client_id : Your account's client id. To configure it, please visit your domain settings page. |
| | redirect_uri : Tells the authorization server where to send the user back to after they approve the request. |
| | response_type=CODE : This tells the authorization server that the application is initiating the authorization code flow. |
| | state : The application generates a random string and includes it in the request. It should then check that the same value is returned after the user authorizes the app. |
| Example | http://service.belladati.com/auth/oauth/request:new?client_id=8208110359&redirect_uri=http://service.belladati.com/auth&response_type=CODE&state=122342 |
| Returns | Opens authorization page https://service.belladati.com/redirect?code=g0ZGZmNjVmOWIjNTk2NTk4ZTYyZGI3&state=122342 |
Authorize the request
When a user visits this URL, the authorization server will present them with a pop-up asking if they would like to authorize this application’s request.
If the user approves the request, the authorization server will redirect the browser back to the redirect_uri specified by the application, adding a code and state to the query string.
https://service.belladati.com/redirect?code=g0ZGZmNjVmOWIjNTk2NTk4ZTYyZGI3&state=122342
Exchange the Authorization Code for an Access Token
Request Structure
| URL | http://localhost:8080/oauth/v2/accessToken |
|---|---|
| Method | POST |
| Parameters | grant_type=authorization_code : This tells the token endpoint that the application is using the Authorization Code grant type. |
| | code : The application includes the authorization code it was given in the redirect. |
| | redirect_uri : The same redirect URI that was used when requesting the code. |
| | client_id : Your account's client id. To configure it, please visit your domain settings page. |
| | client_secret : The application’s client secret. This ensures that the request to get the access token is made only from the application, and not from a potential attacker that may have intercepted the authorization code. |
| Example | http://localhost:8080/oauth/v2/accessToken?grant_type=authorization_code&code=WM0iK6vhik2aUvGmvjiAjl4q3nvWqE3uUcd1Y93V&redirect_uri=http://localhost&client_id=8208110359 |
| Returns | JSON with access token |

```
HTTP/1.1 200 OK
Content-Type: application/json
Cache-Control: no-store
Pragma: no-cache

{
  "access_token":"MTQ0NjJkZmQ5OTM2NDE1ZTZjNGZmZjI3",
  "token_type":"bearer",
  "expires_in":3600,
  "refresh_token":"IwOGYzYTlmM2YxOTQ5MGE3YmNmMDFkNTVk"
}
```
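The client side of the two requests above, as an added Python example (not BellaDati's own code): it generates an unguessable `state`, verifies it on the redirect before accepting the `code`, and prepares the token exchange. The function names and the `app.example` callback are illustrative, and sending the token parameters as a form-encoded POST body is an assumption about the endpoint.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Endpoints as given on this page; function names are illustrative, not a BellaDati API.
AUTHORIZE_URL = "https://service.belladati.com/auth/oauth/request"
TOKEN_URL = "http://localhost:8080/oauth/v2/accessToken"


def build_authorization_url(client_id, redirect_uri):
    """Return (url, state); store state in the user's server-side session."""
    state = secrets.token_urlsafe(32)  # unguessable, one per authorization attempt
    query = urlencode({
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "response_type": "CODE",
        "state": state,
    })
    return f"{AUTHORIZE_URL}?{query}", state


def parse_callback(callback_url, expected_state):
    """Return the authorization code, or raise ValueError if the redirect cannot be trusted."""
    params = parse_qs(urlsplit(callback_url).query)
    states = params.get("state", [])
    codes = params.get("code", [])
    # Missing, empty or duplicated parameters are rejected rather than guessed at.
    if len(states) != 1 or len(codes) != 1:
        raise ValueError("callback must carry exactly one code and one state")
    if not hmac.compare_digest(states[0].encode(), expected_state.encode()):
        raise ValueError("state mismatch: response does not belong to this session")
    return codes[0]


def build_token_request(code, redirect_uri, client_id, client_secret):
    """Return (url, body). Assumption: a form-encoded body keeps the secret out of URLs and logs."""
    body = urlencode({
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": redirect_uri,  # must equal the value sent in the first request
        "client_id": client_id,
        "client_secret": client_secret,
    }).encode()
    return TOKEN_URL, body


if __name__ == "__main__":
    url, state = build_authorization_url("8208110359", "https://app.example/callback")  # constructed
    print(parse_callback("https://app.example/callback?code=demo&state=" + state, state))
```

Discard the stored `state` after the first callback so a replayed redirect fails the check.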