Authorizing OAuth Apps

You can enable other users to authorize your OAuth App.

The web application flow to authorize users for your app is:

  1. Users are redirected to request their AmanzMe identity
  2. Users are redirected back to your site by AmanzMe
  3. Your app accesses the API with the user's access token

Request a user's AmanzMe identity

GET https://amanz.me/oauth/authorize

Parameters

Name Type Description
client_id string Required. The client ID you received from AmanzMe when you registered your app.
redirect_url string The URL in your application where users will be sent after authorization.
response_type string The type of response wanted. Use code as the default.
state string An unguessable random string. It is used to protect against cross-site request forgery attacks.

Users are redirected back to your site by AmanzMe

If the user accepts your request, AmanzMe redirects back to your site with a temporary code in a code parameter as well as the state you provided in the previous step in a state parameter. The temporary code will expire after 10 minutes. If the states don't match, then a third party created the request, and you should abort the process.
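The state handling described above, as an added Python example (not AmanzMe's own code). It assumes `session` is a per-user, server-side, dict-like session store; the function names and the `app.example` callback URL are hypothetical.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

AUTHORIZE_URL = "https://amanz.me/oauth/authorize"


def begin_authorization(session, client_id, redirect_url):
    """Create a fresh state, bind it to this user's session, return the redirect URL."""
    state = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
    session["oauth_state"] = state     # kept server-side, never derived from user input
    query = urlencode({
        "client_id": client_id,
        "redirect_url": redirect_url,
        "response_type": "code",
        "state": state,
    })
    return f"{AUTHORIZE_URL}?{query}"


def handle_callback(session, callback_url):
    """Return the temporary code only if the returned state matches the stored one."""
    params = parse_qs(urlsplit(callback_url).query)
    # pop() makes the state single use: a replayed callback finds nothing to match.
    expected = session.pop("oauth_state", None)
    states = params.get("state", [])
    returned = states[0] if len(states) == 1 else ""  # reject duplicated parameters
    # Constant-time comparison avoids leaking how many leading characters matched.
    if expected is None or not hmac.compare_digest(expected.encode(), returned.encode()):
        raise PermissionError("state mismatch: abort the authorization flow")
    codes = params.get("code", [])
    if len(codes) != 1:
        raise ValueError("expected exactly one code parameter")
    return codes[0]


if __name__ == "__main__":
    session = {}  # stand-in for a real server-side session
    print(begin_authorization(session, "my-client-id", "https://app.example/callback"))
    # Constructed callback, as AmanzMe would send it after the user accepts.
    callback = "https://app.example/callback?" + urlencode(
        {"code": "abc123", "state": session["oauth_state"]})
    print(handle_callback(session, callback))
```
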

Exchange this code for an access token:

POST https://amanz.me/oauth/token

Parameters

Name Type Description
client_id string Required. The client ID you received from AmanzMe for your OAuth App.
client_secret string Required. The client secret you received from AmanzMe for your OAuth App.
code string Required. The code you received as a response to Step 1.
redirect_url string The URL in your application where users are sent after authorization.
state string The unguessable random string you provided in Step 1.

Use the access token to access the API

The access token allows you to make requests to the API on behalf of a user.

Authorization: token OAUTH-TOKEN

For example, in curl you can set the Authorization header like this:

curl -H "Authorization: token OAUTH-TOKEN" url