oauth
Generate and manage OAuth tokens.
getAuthorize a user
Displays an authorization form to the user. If approved, it will create and return an authorization code, then redirect to the desired redirect_uri
, or show the authorization code if urn:ietf:wg:oauth:2.0:oob
was requested. The authorization code can be used while requesting a token to obtain access to user-level methods.
Request
Form Data Parameters
string
string
code
.string
string
urn:ietf:wg:oauth:2.0:oob
then the authorization code will be shown instead. Must match one of the redirect URIs declared during app registration.string
read
.Response
200: Success
The authorization code will be returned as a query parameter named code
.
redirect_uri?code=qDFUEaYrRK5c-HNmTCJbAzazwLRInJ7VHFat0wcMgCU
400:
If the authorization code is incorrect or has been used already, the request will fail.
{
"error": "invalid_grant",
"error_description": "The provided authorization grant is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client."
}
postObtain a token
Returns an access token, to be used during API calls that are not public.
Request
Form Data Parameters
string
string
string
string
read
.string
string
authorization_code
if code
is provided in order to gain user-level access. Otherwise, set equal to client_credentials
to obtain app-level access only.Response
200: Success
Store this access_token for later use with auth-required methods. The token should be passed as an HTTP Authorization
header when making API calls, with the value Bearer access_token
{
"access_token": "ZA-Yj3aBD8U8Cm7lKUp-lm9O9BmDgdhHzDeqsY8tlL0",
"token_type": "Bearer",
"scope": "read write follow push",
"created_at": 1573979017
}
400:
If you try to request a scope that was not included when registering the app, the request will fail.
{
"error": "invalid_scope",
"error_description": "The requested scope is invalid, unknown, or malformed."
}
401: Unauthorized
If client_id and client_secret do not match or are invalid, the request will fail.
{
"error": "invalid_client",
"error_description": "Client authentication failed due to unknown client, no client authentication included, or unsupported authentication method."
}
postRevoke token
Revoke an access token to make it no longer valid for use.
Request
Form Data Parameters
string
string
string
Response
200: Success
If you own the provided token, the API call will provide an empty response. This operation is idempotent, so calling this API multiple times will still return OK.
{}
403: Forbidden
If you provide a token you do not own, or no token at all, the API call will return a 403 error.
{
"error": "unauthorized_client",
"error_description": "You are not authorized to revoke this token"
}
Last updated December 27, 2020 · Improve this page