Authentication
Learn more about our implementation of OAuth 2.0 for authentication
OAuth 2.0
For authentication, Join It uses the OAuth 2.0 protocol.
Creating your Application Key
Currently, to get started using Join It's API, you'll need to contact us to have your Application Key created.
Contact us to provide a short explanation of what you're looking to build and we'll get your Application Key created shortly!
Authenticating Users
What You'll Need:
- API Key (client_id)
- Client Secret (client_secret)
- Redirect URI (redirect_uri)
From your site, redirect users to our authorization URL, including your API key (client_id) and redirect URI (redirect_uri) as query parameters: https://app.joinit.com/oauth2/authorize?response_type=code&client_id=YOUR_API_KEY&redirect_uri=YOUR_REDIRECT_URI
Note: You can also pass a 'state' value as a parameter.
When the user authorizes your app, your redirect URI will receive a request from our authorization server with your access code included as a query parameter.
Here's an example of the URI you will be redirected to (with the access code included as a query parameter): http://acmehompage.com/callback_uri?code=YOUR_ACCESS_CODE&state=STATE_PROVIDED
Send a POST request to https://app.joinitapi.com/oauth2/token that specifies the grant type and includes the code provided, your client secret, and API key (client_id). This data should be sent as part of your request header.
Here's an example of a POST request using cURL:
curl --request POST \
  --url 'https://app.joinitapi.com/oauth2/token' \
  --data grant_type=authorization_code \
  --data client_id=API_KEY \
  --data client_secret=CLIENT_SECRET \
  --data code=ACCESS_CODE
The server will verify the access code and call your redirect URI. The user's OAuth token will be available in the JSON response. Use this OAuth token to make API requests on behalf of this user.
The response object includes the following:
- access_token: Access token to save on behalf of the user to make future authenticated API calls on their behalf
- id_token: JSON Web Token representing OpenID's id_token
- scope: "all" -- currently, our tokens do not have scopes, so by default the scope will always be "all"
- token_type: "Bearer"
- expires_in: Access tokens do not expire
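An added example, not part of Join It's documentation: the flow above in Python, generating a 'state' value for the authorization redirect, checking it on the callback before accepting the code, and building the form fields for the token request. The function names, the example.test redirect URI and the grant_type value authorization_code (the standard OAuth 2.0 value) are assumptions; the two endpoint URLs are the ones given above.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

AUTHORIZE_URL = "https://app.joinit.com/oauth2/authorize"  # from this page
TOKEN_URL = "https://app.joinitapi.com/oauth2/token"       # from this page


def build_authorize_url(client_id, redirect_uri):
    """Return (url, state). Keep state in the user's server-side session."""
    state = secrets.token_urlsafe(32)  # unguessable, one per login attempt
    query = urlencode({
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "state": state,
    })
    return f"{AUTHORIZE_URL}?{query}", state


def parse_callback(callback_url, expected_state):
    """Return the access code, or raise ValueError if the callback is not
    the answer to a redirect this session started."""
    if not expected_state:
        raise ValueError("no login in progress for this session")
    params = parse_qs(urlsplit(callback_url).query)
    codes = params.get("code", [])
    states = params.get("state", [])
    # Missing, blank or duplicated parameters are rejected outright.
    if len(codes) != 1 or len(states) != 1:
        raise ValueError("callback must carry exactly one code and one state")
    # Constant-time comparison on bytes (str input must be ASCII otherwise).
    if not hmac.compare_digest(states[0].encode(), expected_state.encode()):
        raise ValueError("state mismatch")
    return codes[0]


def token_request_body(client_id, client_secret, code):
    """Form fields to POST to TOKEN_URL, matching the cURL example.
    Send this from the server only: it contains the client secret."""
    return urlencode({
        "grant_type": "authorization_code",  # assumption: standard OAuth 2.0 value
        "client_id": client_id,
        "client_secret": client_secret,
        "code": code,
    })
```

Because access tokens do not expire, store the returned access_token as a long-lived credential and keep it out of logs and client-side storage.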
Updated about 2 years ago