Authetication
How to obtain access token for authenticated API using OAuth 2.0
Introduction
LikeCoin API uses OAuth2.0 flow for API authorization, through the following steps.
Users authorize your app through web UI
https://like.co/in/oauth
. For details and params, please refer tolike.co OAuth page
section belowUsers are redirected back to a
redirect_uri
you own with acode
, thiscode
is used to exchange for a useraccess_token
andrefresh_token
.Call APIs using
access_token
with proper scope. e.g. APIs inLike->info
sections requiresread:like.info
orwrite:like.info
grants.
AVAILABLE SCOPES:
The following scope should be prepended with read:
or write:
TOKEN LIFE TIME
Access tokens expire in 1 hour. Refresh tokens do not expire, unless:
Another new refresh token was issued for the same oauth client & user combination
User revoked access
OAuth client revoked the token via API
1. Format like.co OAuth parameters
https://like.co/in/oauth/?client_id={{CLIENT_ID}}&scope={{scope}}&redirect_uri={{redirectURI}}&state={{state}}
User will navigate to this page to authorize oauth, redirects back to redirect_uri
with query paramauth_code
and state
if success
2. Redirect users to the formatted like.co OAuth page
The page will prompt user to either login or register a Liker ID if they are not logged in. Users logged in will then be shown the OAuth client's info and permissions asked. authorization_code
and other response will be sent in query string to redirect_uri
should users accept the permission, or error denied
will be returned instead.
3. Exchange authorization_code
for access_token
authorization_code
for access_token
POST
https://api.like.co/oauth/access_token
After user oauth login in client, exchange authorization_code in callback uri for access_token
Headers
Request Body
4. Call API with access_token
access_token
Call authenticated API with header Authorization
valueBearer {{access_token}}
Last updated