search
HomeApp

Authorizing OAuth Apps

Learn how to enable other users to authorize your OAuth App.

TextMaster's OAuth implementation supports the standard Authorization Code Grantarrow-up-right.

See the skip authorization section if you want to skip authorizing your app in the standard way, such as when testing your app, you can use our special callback url.

To authorize your OAuth app, consider which authorization flow best fits your app:

hashtag
Web Application Flow

The web application flow to authorize users for your app is:

  1. Users are redirected to request their TextMaster identity

  2. Users are redirected back to your site by TextMaster

  3. Your app accesses the API with the user's access token

hashtag
Request a user's TextMaster identity

Use the following query to request user's TextMaster identity. User will have to be signed in to authorize your app.

hashtag
Request a user's TextMaster identity

GET https://app.textmaster.com/oauth/authorize

hashtag
Query Parameters

Name
Type
Description

client_id*

String

The client ID you received from TextMaster when you registered your app.

redirect_uri*

String

The callback URL that is configured in your registered app.

scope*

String

A space-delimited list of scopes.

response_type*

String

Value must be code (required by the OAuth specification).

hashtag
Users are redirected back to your site by TextMaster

If the user accepts your request, TextMaster redirects back to your site with a temporary code in a code parameter. The temporary code will expire after 10 minutes.

Exchange this code for an access token:

hashtag
Exchange an OAuth code for a user's access token

POST https://app.textmaster.com/oauth/token

hashtag
Query Parameters

Name
Type
Description

client_id*

String

The client ID you received from TextMaster when you registered your app.

client_secret*

String

The client secret you received from TextMaster when you registered your app.

grant_type*

String

Value must be authorization_code (required by the OAuth specification).

redirect_uri

String

The same callback URL as sent in step 1.

code*

String

The code you received as a response to step 1.

The response includes two tokens:

  • An access_token which is used to access the API on behalf of a user

  • A refresh_token which is used to get a new access token when it has expired

circle-info

Tips: Access token expires after 8 hours. For more information about refresh tokens, see Refreshing access tokens.

hashtag
Use the access token to access the API

The access token allows you to make requests to the API on a behalf of a user.

For example, by setting the Authorization header like this:

hashtag
Get user informations referenced by given access token

GET https://api.textmaster.com/v1/clients/users/me

hashtag
Headers

Name
Type
Description

Accept*

String

application/json

Authorization

String

Bearer ACCESS-TOKEN

hashtag
Skip authorization for testing purposes

If you want to skip authorizing your app in the standard way, for example when testing your app, you can register it with the following value as callback URL: urn:ietf:wg:oauth:2.0:oob.

circle-info

Tips: Use urn:ietf:wg:oauth:2.0:oob special callback URL for testing purposes.

At the end of step 1, users will not be redirected to your app's callback URL and the authorization code will be displayed to you instead.

hashtag
Refreshing access tokens

To enforce regular token rotation and reduce the impact of a compromised token, access tokens automatically expire after 8 hours. You can use refresh tokens to request new access token.

When you receive an access token, the response will also contain a refresh token, which can be exchanged for a new access token and refresh token.

To renew an expiring access token, you can exchange the refresh_token for a new access_token and refresh_token.

circle-info

Tips: Use the refresh_token to get a new access_token when it has expired. refresh_token do not expire.

hashtag
Exchange an OAuth code for a user's access token

POST https://app.textmaster.com/oauth/token

hashtag
Query Parameters

Name
Type
Description

client_id*

String

The client ID you received from TextMaster when you registered your app.

client_secret*

String

The client secret you received from TextMaster when you registered your app.

grant_type*

String

Value must be refresh_token (required by the OAuth specification).

refresh_token*

String

The token received with the access_token.

PreviousCreating an OAuth AppNextScopes for OAuth Apps

Last updated

Was this helpful?