Authentication
How to obtain access token for authenticated API using OAuth 2.0
LikeCoin API uses OAuth2.0 flow for API authorization, through the following steps.
- 1. Users authorize your app through the web UI https://like.co/in/oauth. For details and params, please refer to the like.co OAuth page section below.
- 2. Users are redirected back to a redirect_uri you own with a code; this code is used to exchange for a user access_token and refresh_token.
- 3. Call APIs using access_token with proper scope, e.g. APIs in the Like->info sections require read:like.info or write:like.info grants.
Scope | Description |
profile | Basic user public information |
email | Access to user's email address |
The following scopes should be prepended with read: or write:
Scope | Description |
(read|write):like | Access to all like related read/write scope |
read:like.button | Access to read user like history and suggestions |
write:like.button | Permission to like content for user |
read:like.info | Access to read user liked authors, content suggestions, etc |
Access tokens expire in 1 hour. Refresh tokens do not expire, unless:
- 1. Another new refresh token was issued for the same OAuth client & user combination
- 2. User revoked access
- 3. OAuth client revoked the token via API
https://like.co/in/oauth/?client_id={{CLIENT_ID}}&scope={{scope}}&redirect_uri={{redirectURI}}&state={{state}}
Users navigate to this page to authorize OAuth; on success, the page redirects back to redirect_uri with query params auth_code and state.
Param | Description |
client_id | OAuth client id |
scope | list of scopes separated by spaces, must be whitelisted, e.g. profile email |
redirect_uri | redirect URI in URI-component-encoded form, must be whitelisted |
state | optional state provided by the service, which gets passed back after authentication succeeds. Highly recommended for security reasons. |
The page will prompt user to either login or register a Liker ID if they are not logged in. Users logged in will then be shown the OAuth client's info and permissions asked.
authorization_code and other responses will be sent in the query string to redirect_uri should users accept the permission, or error denied will be returned instead.
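An added example (not LikeCoin's own code) of how a client might build this authorization URL and validate the redirect, using state to bind the callback to the browser session that started the flow. The session dict, the client id and the app.example redirect URI are assumptions for illustration; the callback code parameter is named auth_code as described above.

```python
import hmac
import secrets
from urllib.parse import urlencode, quote, urlsplit, parse_qs

AUTHORIZE_URL = "https://like.co/in/oauth/"  # authorization page from this document
CODE_PARAM = "auth_code"  # callback parameter name as given in this section


class CallbackRejected(Exception):
    """Raised when the redirect back to redirect_uri must not be trusted."""


def build_authorize_url(session, client_id, scopes, redirect_uri):
    """Return the authorization URL and store a fresh state in the session."""
    state = secrets.token_urlsafe(32)  # unguessable value tied to this session
    session["oauth_state"] = state     # `session` is a hypothetical per-user store
    query = urlencode(
        {
            "client_id": client_id,
            "scope": " ".join(scopes),     # space-separated scope list
            "redirect_uri": redirect_uri,  # encoded below, URI-component style
            "state": state,
        },
        quote_via=quote,  # %20 for spaces, and '/' and ':' are escaped too
    )
    return f"{AUTHORIZE_URL}?{query}"


def handle_callback(session, callback_url):
    """Validate the redirect and return the code to exchange for tokens."""
    params = parse_qs(urlsplit(callback_url).query)
    expected = session.pop("oauth_state", None)  # single use, even on failure
    received = params.get("state", [""])[0]
    # Constant-time comparison; a missing or different state means the
    # redirect was not started by this session (CSRF or replay).
    if not expected or not hmac.compare_digest(expected.encode(), received.encode()):
        raise CallbackRejected("state missing or mismatched")
    codes = params.get(CODE_PARAM, [])
    if len(codes) != 1 or not codes[0]:
        raise CallbackRejected("no authorization code (user denied or error)")
    return codes[0]
```

Because the stored state is removed on every callback, a replayed or forged redirect fails even if it carries a previously valid state value.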
POST https://api.like.co/oauth/access_token
Call authenticated APIs with the header Authorization set to the value Bearer {{access_token}}
Last modified 3yr ago