Authorizing OAuth Apps
Learn how to enable other users to authorize your OAuth App.
TextMaster's OAuth implementation supports the standard Authorization Code Grant.
If you want to skip authorizing your app in the standard way, such as when testing your app, you can use our special callback URL. See the Skip authorization section.
To authorize your OAuth app, consider which authorization flow best fits your app:
Web Application Flow: Used to authorize users for standard OAuth apps that run in the browser. (The implicit grant type is not supported)
Web Application Flow
The web application flow to authorize users for your app is:
1. Users are redirected to request their TextMaster identity
2. Users are redirected back to your site by TextMaster
3. Your app accesses the API with the user's access token
Request a user's TextMaster identity
Use the following query to request a user's TextMaster identity. The user will have to be signed in to authorize your app.
GET https://app.textmaster.com/oauth/authorize
Query Parameters
client_id* (String): The client ID you received from TextMaster when you registered your app.
redirect_uri* (String): The callback URL that is configured in your registered app.
scope* (String): A space-delimited list of scopes.
response_type* (String): Value must be code (required by the OAuth specification).
Users are redirected back to your site by TextMaster
If the user accepts your request, TextMaster redirects back to your site with a temporary code in a code parameter. The temporary code will expire after 10 minutes.
Exchange this code for an access token:
Exchange an OAuth code for a user's access token
POST https://app.textmaster.com/oauth/token
Query Parameters
client_id* (String): The client ID you received from TextMaster when you registered your app.
client_secret* (String): The client secret you received from TextMaster when you registered your app.
grant_type* (String): Value must be authorization_code (required by the OAuth specification).
redirect_uri (String): The same callback URL as sent in step 1.
code* (String): The code you received as a response to step 1.
The response includes two tokens:
An access_token, which is used to access the API on behalf of a user
A refresh_token, which is used to get a new access token when it has expired
Tips: The access token expires after 8 hours. For more information about refresh tokens, see Refreshing access tokens.
Use the access token to access the API
The access token allows you to make requests to the API on behalf of a user, for example by setting the Authorization header like this:
Get the user information referenced by the given access token
GET https://api.textmaster.com/v1/clients/users/me
Headers
Accept* (String): application/json
Authorization (String): Bearer ACCESS-TOKEN
Skip authorization for testing purposes
If you want to skip authorizing your app in the standard way, for example when testing your app, you can register it with the following value as callback URL: urn:ietf:wg:oauth:2.0:oob.
Tips: Use the urn:ietf:wg:oauth:2.0:oob special callback URL for testing purposes.
At the end of step 1, users will not be redirected to your app's callback URL and the authorization code will be displayed to you instead.
Refreshing access tokens
To enforce regular token rotation and reduce the impact of a compromised token, access tokens automatically expire after 8 hours. You can use refresh tokens to request a new access token.
When you receive an access token, the response will also contain a refresh token, which can be exchanged for a new access token and refresh token.
To renew an expiring access token, you can exchange the refresh_token for a new access_token and refresh_token.
Tips: Use the refresh_token to get a new access_token when it has expired. A refresh_token does not expire.
Exchange a refresh token for a new access token
POST https://app.textmaster.com/oauth/token
Query Parameters
client_id* (String): The client ID you received from TextMaster when you registered your app.
client_secret* (String): The client secret you received from TextMaster when you registered your app.
grant_type* (String): Value must be refresh_token (required by the OAuth specification).
refresh_token* (String): The token received with the access_token.
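The three steps of the web application flow and the refresh exchange, combined into one client-side example. This is an added example, not TextMaster's own code: TokenSession, make_fake_post, the injected post transport, the 60-second refresh margin and the scope names used when calling it are assumptions, while the endpoints, parameter names and 8-hour lifetime come from this page.

```python
import time
from urllib.parse import urlencode

AUTHORIZE_URL = "https://app.textmaster.com/oauth/authorize"
TOKEN_URL = "https://app.textmaster.com/oauth/token"
ACCESS_TTL = 8 * 3600  # the page states access tokens expire after 8 hours

def authorize_url(client_id, redirect_uri, scopes):
    """Step 1: URL the signed-in user is sent to (scope is space-delimited)."""
    query = {"client_id": client_id, "redirect_uri": redirect_uri,
             "scope": " ".join(scopes), "response_type": "code"}
    return AUTHORIZE_URL + "?" + urlencode(query)

class TokenSession:
    """Tracks one user's token pair. `post` is an assumed callable
    (url, params) -> dict that performs the HTTPS POST and parses the JSON."""
    def __init__(self, client_id, client_secret, post, clock=time.time):
        self.creds = {"client_id": client_id, "client_secret": client_secret}
        self.post, self.clock = post, clock
        self.access_token = self.refresh_token = None
        self.expires_at = 0.0

    def _grant(self, grant_type, **params):
        resp = self.post(TOKEN_URL, {**self.creds, "grant_type": grant_type, **params})
        # Each exchange returns a new pair: replace both, including the refresh token.
        self.access_token = resp["access_token"]
        self.refresh_token = resp["refresh_token"]
        self.expires_at = self.clock() + ACCESS_TTL

    def exchange_code(self, code, redirect_uri):
        """Step 2: trade the temporary code (valid 10 minutes) for tokens."""
        self._grant("authorization_code", redirect_uri=redirect_uri, code=code)

    def headers(self, skew=60):
        """Step 3: headers for an API call, refreshing shortly before expiry."""
        if self.refresh_token is None:
            raise RuntimeError("call exchange_code() first")
        if self.clock() >= self.expires_at - skew:
            self._grant("refresh_token", refresh_token=self.refresh_token)
        return {"Accept": "application/json", "Authorization": "Bearer " + self.access_token}

def make_fake_post():
    """Constructed stand-in for the token endpoint: records each request
    and returns a fresh token pair, so the example runs offline."""
    calls = []
    def post(url, params):
        calls.append(params)
        return {"access_token": f"access-{len(calls)}", "refresh_token": f"refresh-{len(calls)}"}
    return post, calls
```

Persist the refresh_token from every response; the example overwrites the stored one because each refresh returns a new pair.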