OAuth
The OAuth resource allows an application to be granted authorization to act on behalf of the user. To retrieve an access token for a given user the application must prepare an Authorization URL that the user must be redirected to, such as the following:
https://api.boxc.com/v1/oauth/authorize?application_id=1x98s0ad8fsfs091&return_uri=https://myapp.com/connect/user/150162
After the user is redirected to api.boxc.com they are prompted to sign in to their BoxC account and accept the requested permissions. The user is then redirected to the provided return_uri with a nonce hash appended as a parameter. The nonce must be captured by the application because it is required for retrieving an access token.
With the application_id, application_secret, and nonce in hand the application may now call POST /oauth/access_token to retrieve an access token. The token lasts indefinitely, or at least until the user revokes the application's permissions. For all future requests to the API the application must place the user's access_token in the request header like the following example.
Authorization: Bearer {access_token}
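The flow described above, as an added Python example (not BoxC's own code). It assumes the callback parameter is named `nonce`, that the token request is sent as JSON with a `Content-Type` header, and that return_uri may end in an app-generated one-time `ticket` segment kept in the user's session; all function names are hypothetical.

```python
import hmac
import json
import secrets
import urllib.request
from urllib.parse import parse_qs, urlencode, urlsplit

API = "https://api.boxc.com/v1"

def authorize_url(application_id, callback_base):
    """Build the Authorization URL; returns (url, ticket)."""
    # Assumption: return_uri may end in an app-chosen path segment, as the
    # page's /connect/user/150162 does. A random ticket, stored in the user's
    # session, is used here so the callback can be tied to that session.
    ticket = secrets.token_urlsafe(16)
    query = urlencode({"application_id": application_id,
                       "return_uri": f"{callback_base}/{ticket}"})
    return f"{API}/oauth/authorize?{query}", ticket

def nonce_from_callback(callback_url, session_ticket):
    """Extract the nonce, rejecting callbacks this session did not start."""
    parts = urlsplit(callback_url)
    ticket = parts.path.rsplit("/", 1)[-1]
    if not hmac.compare_digest(ticket.encode(), session_ticket.encode()):
        raise ValueError("callback does not belong to this session")
    # Assumption: the query parameter is literally named "nonce".
    values = parse_qs(parts.query).get("nonce", [])
    if len(values) != 1:
        raise ValueError("expected exactly one nonce parameter")
    return values[0]

def token_request(application_id, application_secret, nonce):
    """Prepare POST /oauth/access_token; run server-side only (uses the secret)."""
    body = json.dumps({"application_id": application_id,
                       "application_secret": application_secret,
                       "nonce": nonce}).encode()
    return urllib.request.Request(
        f"{API}/oauth/access_token", data=body, method="POST",
        headers={"Content-Type": "application/json"})  # header is an assumption

def exchange(request):
    """Send the prepared request and return the access token."""
    with urllib.request.urlopen(request, timeout=10) as resp:
        return json.load(resp)["access_token"]

def bearer_header(access_token):
    return {"Authorization": f"Bearer {access_token}"}
```

Because the token does not expire on its own, store it like any other long-lived secret and call DELETE /oauth/{access_token} when the user disconnects the application.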
Actions
GET /oauth/authorize | Requests authorization for an application
POST /oauth/access_token | Creates an access token
DELETE /oauth/{access_token} | Revokes an access token
Properties
access_token |
application_id |
application_secret |
nonce |
application_id | The application's unique identifier.
return_uri | The application's callback URL that will process the authorization response.
GET /oauth/authorize
application_id=1x98s0ad8fsfs091&return_uri=https://myapp.com/connect/user/170242
HTTP/1.1 200 OK
POST /oauth/access_token
{ "application_id": "1x98s0ad8fsfs091", "application_secret": "a7bb9fe6-7443-4711-9cfb-a6437f882eec", "nonce": "VOxDU1dyY3pSQmV6TQVOxDU1dyY3pSQm" }
HTTP/1.1 201 Created
{ "access_token": "52277de980b06dbcba5c5e8a58c747750fe41ec3f71a7ff9ab2a7d94907ef5d1", "expires_in": null, "token_type": "Bearer" }
DELETE /oauth/52277de980b06dbcba5c5e8a58c747750fe41ec3f71a7ff9ab2a7d94907ef5d1
HTTP/1.1 200 OK