Authorizing OAuth Apps
Learn how to enable other users to authorize your OAuth App.
Last updated
Was this helpful?
Learn how to enable other users to authorize your OAuth App.
Last updated
Was this helpful?
TextMaster's OAuth implementation supports the standard .
See the section if you want to skip authorizing your app in the standard way, such as when testing your app, you can use our special callback url.
To authorize your OAuth app, consider which authorization flow best fits your app:
Web Application Flow: Used to authorize users for standard OAuth apps that run in the browser. (The is not supported)
The web application flow to authorize users for your app is:
Users are redirected to request their TextMaster identity
Users are redirected back to your site by TextMaster
Your app accesses the API with the user's access token
Use the following query to request user's TextMaster identity. User will have to be signed in to authorize your app.
GET
https://app.textmaster.com/oauth/authorize
client_id*
String
The client ID you received from TextMaster when you registered your app.
redirect_uri*
String
The callback URL that is configured in your registered app.
scope*
String
A space-delimited list of scopes.
response_type*
String
Value must be code
(required by the OAuth specification).
If the user accepts your request, TextMaster redirects back to your site with a temporary code
in a code parameter. The temporary code will expire after 10 minutes.
Exchange this code
for an access token:
POST
https://app.textmaster.com/oauth/token
client_id*
String
The client ID you received from TextMaster when you registered your app.
client_secret*
String
The client secret you received from TextMaster when you registered your app.
grant_type*
String
Value must be authorization_code
(required by the OAuth specification).
redirect_uri
String
The same callback URL as sent in step 1.
code*
String
The code
you received as a response to step 1.
The response includes two tokens:
An access_token
which is used to access the API on behalf of a user
A refresh_token
which is used to get a new access token when it has expired
The access token allows you to make requests to the API on a behalf of a user.
For example, by setting the Authorization
header like this:
GET
https://api.textmaster.com/v1/clients/users/me
Accept*
String
application/json
Authorization
String
Bearer ACCESS-TOKEN
If you want to skip authorizing your app in the standard way, for example when testing your app, you can register it with the following value as callback URL: urn:ietf:wg:oauth:2.0:oob
.
At the end of step 1, users will not be redirected to your app's callback URL and the authorization code will be displayed to you instead.
To enforce regular token rotation and reduce the impact of a compromised token, access tokens automatically expire after 8 hours. You can use refresh tokens to request new access token.
When you receive an access token, the response will also contain a refresh token, which can be exchanged for a new access token and refresh token.
To renew an expiring access token, you can exchange the refresh_token
for a new access_token
and refresh_token
.
POST
https://app.textmaster.com/oauth/token
client_id*
String
The client ID you received from TextMaster when you registered your app.
client_secret*
String
The client secret you received from TextMaster when you registered your app.
grant_type*
String
Value must be refresh_token
(required by the OAuth specification).
refresh_token*
String
The token received with the access_token
.
Tips: Access token expires after 8 hours. For more information about refresh tokens, see .