Authetication
How to obtain access token for authenticated API using OAuth 2.0
Introduction
LikeCoin API uses OAuth2.0 flow for API authorization, through the following steps.
Users authorize your app through web UI
https://like.co/in/oauth. For details and params, please refer tolike.co OAuth pagesection belowUsers are redirected back to a
redirect_uriyou own with acode, thiscodeis used to exchange for a useraccess_tokenandrefresh_token.Call APIs using
access_tokenwith proper scope. e.g. APIs inLike->infosections requiresread:like.infoorwrite:like.infogrants.
AVAILABLE SCOPES:
Scope
Description
profile
Basic user public information
Access to user's email address
The following scope should be prepended with read: or write:
Scope
Description
(read|write):like
Access to all like related read/write scope
read:like.button
Access to read user like history and suggestions
write:like.button
Permission to like content for user
read:like.info
Access to read user liked authors, content suggestions, etc
TOKEN LIFE TIME
Access tokens expire in 1 hour. Refresh tokens do not expire, unless:
Another new refresh token was issued for the same oauth client & user combination
User revoked access
OAuth client revoked the token via API
1. Format like.co OAuth parameters
https://like.co/in/oauth/?client_id={{CLIENT_ID}}&scope={{scope}}&redirect_uri={{redirectURI}}&state={{state}}
User will navigate to this page to authorize oauth, redirects back to redirect_uri with query paramauth_code and state if success
Param
Description
client_id
OAuth client id
scope
list of scope seperated by space, must be whitelisted, e.g. profile email
redirect_uri
redirect uri in URI compoenent encoded form, must be whitelisted
state
optional state provided by the service, that get passed back after authetication is success. Highly recommended for security reason.
2. Redirect users to the formatted like.co OAuth page
The page will prompt user to either login or register a Liker ID if they are not logged in. Users logged in will then be shown the OAuth client's info and permissions asked. authorization_code and other response will be sent in query string to redirect_uri should users accept the permission, or error denied will be returned instead.
3. Exchange authorization_code for access_token
authorization_code for access_tokenPOST https://api.like.co/oauth/access_token
After user oauth login in client, exchange authorization_code in callback uri for access_token
Headers
Content-Type
string
application/x-www-form-urlencoded
Request Body
client_id
string
OAuth client id
client_secret
string
OAuth client secret
grant_type
string
authorization_code
code
string
The authorization code received in redirect_uri
redirect_uri
string
The redirect_uri param in original request
{
"user": "williamchonggoogle",
"displayName": "William Chong",
"avatar": "https://storage.googleapis.com/likecoin-develop.appspot.com/likecoin_store_user_williamchonggoogle_test?GoogleAccessId=firebase-adminsdk-b93f2%40likecoin-develop.iam.gserviceaccount.com&Expires=2430432000&Signature=uJzHlCKDU9azuN5jbHVXToc2OsmPqJ0g4Q%2F3fhgJWBVK2f9brU%2FqYkx9ugVyNARugxxyCsfPX5a4jobhpI7jz%2FCy322RHv1TKPPePpQWstD46EhtFXwb8k2Q0HE65%2FO9yK69qvj08hSSvALFwk3oVObKw9D21mN5NLmar%2B9ZSxgl%2BBL%2BBfHp3cDEThZ%2FzMTHKSdOnrsSaH8Nrg7Y0wqzExzpc%2BaA158GDMAeJJwLWznXdrAI6Sd2CLMLW6ER%2FtdlTKQNbOEhiYElRLCC%2FBlS9jAjov7u%2BsifKEc7mADDum2dabBTBG69WusrgT8IrdBq2Hb6l05HI1AeRrlD8jeR5w%3D%3D",
"refresh_token": "j31UBpMTdt-zaqVrCUJ0Ap8ulbosoPUGS8rVls_QYBg",
"access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyIjoid2lsbGlhbWNob25nZ29vZ2xlIiwic2NvcGUiOlsicHJvZmlsZSIsInJlYWQ6bGlrZSIsIndyaXRlOmxpa2UiXSwiYXpwIjoiMmY1NTFkNWZlMWFkNjU3NzNhMTciLCJpYXQiOjE1NTIwNDE3NDYsImV4cCI6MTU1MjA0NTM0NiwiYXVkIjoicmlua2VieS5saWtlLmNvIiwiaXNzIjoicmlua2VieS5saWtlLmNvIiwianRpIjoiMGJjN2Q1NGYtOWViYS00ODczLWFiYWUtMzc1ZTczYzExZTMwIn0.BPNsiQb0fs2fFjiSQWUq8oeE4FL_PLebdTRDpSh7n9k"
}4. Call API with access_token
access_token Call authenticated API with header Authorization valueBearer {{access_token}}
Last updated