Authetication
LikeCoin API uses OAuth2.0 flow for API authorization, through the following steps.
Users authorize your app through web UI
https://like.co/in/oauth. For details and params, please refer tolike.co OAuth pagesection belowUsers are redirected back to a
redirect_uriyou own with acode, thiscodeis used to exchange for a useraccess_tokenandrefresh_token.Call APIs using
access_tokenwith proper scope. e.g. APIs inLike->infosections requiresread:like.infoorwrite:like.infogrants.
Scope | Description |
profile | Basic user public information |
Access to user's email address |
The following scope should be prepended with read: or write:
Scope | Description |
(read|write):like | Access to all like related read/write scope |
read:like.button | Access to read user like history and suggestions |
write:like.button | Permission to like content for user |
read:like.info | Access to read user liked authors, content suggestions, etc |
Access tokens expire in 1 hour. Refresh tokens do not expire, unless:
Another new refresh token was issued for the same oauth client & user combination
User revoked access
OAuth client revoked the token via API
https://like.co/in/oauth/?client_id={{CLIENT_ID}}&scope={{scope}}&redirect_uri={{redirectURI}}&state={{state}}
User will navigate to this page to authorize oauth, redirects back to redirect_uri with query paramauth_code and state if success
Param | Description |
client_id | OAuth client id |
scope | list of scope seperated by space, must be whitelisted, e.g. |
redirect_uri | redirect uri in URI compoenent encoded form, must be whitelisted |
state | optional state provided by the service, that get passed back after authetication is success. Highly recommended for security reason. |
The page will prompt user to either login or register a Liker ID if they are not logged in. Users logged in will then be shown the OAuth client's info and permissions asked. authorization_code and other response will be sent in query string to redirect_uri should users accept the permission, or error denied will be returned instead.
post
application/x-www-form-urlencodedauthorization_codeaccess_token, refresh_token, and user profile in JSON format{"user": "williamchonggoogle","displayName": "William Chong","avatar": "https://storage.googleapis.com/likecoin-develop.appspot.com/likecoin_store_user_williamchonggoogle_test?GoogleAccessId=firebase-adminsdk-b93f2%40likecoin-develop.iam.gserviceaccount.com&Expires=2430432000&Signature=uJzHlCKDU9azuN5jbHVXToc2OsmPqJ0g4Q%2F3fhgJWBVK2f9brU%2FqYkx9ugVyNARugxxyCsfPX5a4jobhpI7jz%2FCy322RHv1TKPPePpQWstD46EhtFXwb8k2Q0HE65%2FO9yK69qvj08hSSvALFwk3oVObKw9D21mN5NLmar%2B9ZSxgl%2BBL%2BBfHp3cDEThZ%2FzMTHKSdOnrsSaH8Nrg7Y0wqzExzpc%2BaA158GDMAeJJwLWznXdrAI6Sd2CLMLW6ER%2FtdlTKQNbOEhiYElRLCC%2FBlS9jAjov7u%2BsifKEc7mADDum2dabBTBG69WusrgT8IrdBq2Hb6l05HI1AeRrlD8jeR5w%3D%3D","refresh_token": "j31UBpMTdt-zaqVrCUJ0Ap8ulbosoPUGS8rVls_QYBg","access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyIjoid2lsbGlhbWNob25nZ29vZ2xlIiwic2NvcGUiOlsicHJvZmlsZSIsInJlYWQ6bGlrZSIsIndyaXRlOmxpa2UiXSwiYXpwIjoiMmY1NTFkNWZlMWFkNjU3NzNhMTciLCJpYXQiOjE1NTIwNDE3NDYsImV4cCI6MTU1MjA0NTM0NiwiYXVkIjoicmlua2VieS5saWtlLmNvIiwiaXNzIjoicmlua2VieS5saWtlLmNvIiwianRpIjoiMGJjN2Q1NGYtOWViYS00ODczLWFiYWUtMzc1ZTczYzExZTMwIn0.BPNsiQb0fs2fFjiSQWUq8oeE4FL_PLebdTRDpSh7n9k"}
Call authenticated API with header Authorization valueBearer {{access_token}}
