How to obtain access token for authenticated API using OAuth 2.0
LikeCoin API uses OAuth 2.0 flow for API authorization, through the following steps.
- 1. Users authorize your app through web UI https://like.co/in/oauth. For details and params, please refer to the like.co OAuth page section below.
- 2. Users are redirected back to a redirect_uri you own with a code is used to exchange for a user
- 3. Call APIs using access_token with proper scope. e.g. APIs in
Basic user public information
Access to user's email address
The following scope should be prepended with
Access to all like related read/write scope
Access to read user like history and suggestions
Permission to like content for user
Access to read user liked authors, content suggestions, etc
Access tokens expire in 1 hour. Refresh tokens do not expire, unless:
- 1. Another new refresh token was issued for the same OAuth client & user combination
- 2. User revoked access
- 3. OAuth client revoked the token via API
Users navigate to this page to authorize OAuth, and are redirected back to redirect_uri with query param
OAuth client id
List of scopes separated by spaces, must be whitelisted, e.g.
Redirect URI in URI-component-encoded form, must be whitelisted
Optional state provided by the service, which is passed back after authentication succeeds. Highly recommended for security reasons.
The page will prompt users to either log in or register a Liker ID if they are not logged in. Logged-in users will then be shown the OAuth client's info and the permissions requested.
authorization_code and other response will be sent in the query string to redirect_uri should users accept the permission, or error denied will be returned instead.
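The sketch below shows why the state value is recommended: it builds the authorization URL with a fresh state and rejects any redirect whose state does not match the one stored for that user. It is an added example, not LikeCoin's own code. Assumptions: the query parameter names client_id, scope, redirect_uri, state and error follow standard OAuth 2.0 (RFC 6749), the code arrives as authorization_code, and the client id, scope names and callback URL used with it are constructed placeholders.

```python
import hmac
import secrets
from urllib.parse import parse_qs, quote, urlencode, urlsplit

AUTHORIZE_URL = "https://like.co/in/oauth"  # authorization page named on this page


def build_authorize_url(client_id, redirect_uri, scopes):
    """Return (url, state); keep state in the user's server-side session."""
    state = secrets.token_urlsafe(32)  # unguessable, one per authorization attempt
    query = urlencode(
        {   # Assumed parameter names: the standard OAuth 2.0 ones (RFC 6749).
            "client_id": client_id,
            "scope": " ".join(scopes),  # space-separated list
            "redirect_uri": redirect_uri,
            "state": state,
        },
        quote_via=quote,  # URI-component encoding: ' ' -> %20, ':' and '/' escaped
    )
    return f"{AUTHORIZE_URL}?{query}", state


def handle_callback(callback_url, expected_state, code_param="authorization_code"):
    """Return the authorization code from the redirect, or raise ValueError."""
    params = parse_qs(urlsplit(callback_url).query, keep_blank_values=True)

    def single(name):
        values = params.get(name, [])
        if len(values) > 1:  # repeated parameters are ambiguous: reject
            raise ValueError(f"duplicate parameter: {name}")
        return values[0] if values else None

    # Verify state before trusting anything else in the request. A missing or
    # wrong value means this redirect was not started by this user's session.
    state = single("state")
    if not state or not expected_state or not hmac.compare_digest(
        state.encode(), expected_state.encode()
    ):
        raise ValueError("state mismatch")
    error = single("error")  # assumed name of the error parameter, e.g. "denied"
    if error is not None:
        raise ValueError(f"authorization failed: {error}")
    code = single(code_param)
    if not code:
        raise ValueError("missing authorization code")
    return code
```

Treat the stored state as single-use: delete it from the session as soon as the callback has been handled, whether it succeeded or not.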
Call authenticated API with header