SJAUTHv2 uses the OAuth 2.0 specification. The client application connects to the SJAUTH server to request access to the user's data from the server. The server responds with a token that should be used to authorize API calls to the server.
To create an application, visit the SJAUTH My Account page. Scroll down to Developer Settings. Enter the application's name and a valid redirect URI to which the server will call back. Once you add the application, you will be provided with a Client ID and Client Secret. The client secret must be kept secret at all times.
Click here to see a list of possible scopes.
The following is the URL structure required for authorization Part 1-
| Parameter | Description |
|---|---|
| response-type | This is always required to be set as |
| scopes | The scopes parameter is a list of scopes that the client application is requesting access for. The list should be a string, with each scope separated with |
| clientid | The clientid parameter is the client id with which you are requesting this data. This value can be found on your SJAUTH developer dashboard. |
| state | The state parameter is a randomly generated string that is used to ensure the authenticity of your application. If the state given during the code flow does not match the state given while requesting a token, your request will be denied. |
| redirect_uri | The redirect_uri parameter is the URL to which the user should be redirected after authorization. If this does not match a valid redirect_uri associated with the given clientid, the request for a code will be denied. |
After the user authorizes access to their account, they will be redirected to the redirect_uri. Here, 2 GET URL parameters will be given in return -
state. When you receive these parameters, you are to make a POST request to
to obtain a token that can be used for API Calls. Here are the POST parameters necessary for the request-
| Parameter | Description |
|---|---|
| grant_type | This is required to be |
| code | This is the value that you received from the previous step. You should receive this as a URL parameter in your callback. |
| clientid | This is the client id with which your app has been registered. |
| clientsecret | This is the client secret that you received after creating an application on the Developer Dashboard. |
| redirect_uri | This must be a valid redirect_uri registered in your developer application settings. |
| state | The state must be the same state that your client application passed to the code grant earlier in part 1. False states will be denied. |
Once you follow these steps, you will receive a text response containing the token.
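The client side of the two steps above, as an added example that is not SJAUTH's own code: it generates the state, builds the Part 1 URL, rejects a callback whose state differs from the one issued, and builds the token POST body. The authorize URL is a placeholder, the callback parameter name `code` is an assumption, and the response-type and grant_type values are supplied by the caller because the page does not show them.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

# Placeholder: the real SJAUTH authorize endpoint is not shown on the page.
AUTHORIZE_URL = "https://sjauth.example/authorize"  # hypothetical


def new_state() -> str:
    """Unguessable per-request state; keep it in the user's server-side session."""
    return secrets.token_urlsafe(32)


def build_authorize_url(response_type, scopes, clientid, state, redirect_uri):
    """Part 1: URL the user is sent to, using the parameter names from the page."""
    query = urlencode({
        "response-type": response_type,  # fixed value from the SJAUTH docs
        "scopes": scopes,  # already joined with the separator SJAUTH expects
        "clientid": clientid,
        "state": state,
        "redirect_uri": redirect_uri,
    })
    return f"{AUTHORIZE_URL}?{query}"


def code_from_callback(callback_url, expected_state):
    """Return the code only if the callback carries exactly the state we issued."""
    params = parse_qs(urlsplit(callback_url).query)
    # Assumption: the callback parameters are named "code" and "state".
    states, codes = params.get("state", []), params.get("code", [])
    if len(states) != 1 or len(codes) != 1:
        raise ValueError("callback must carry exactly one state and one code")
    # Constant-time comparison against the value stored for this session.
    if not hmac.compare_digest(states[0].encode(), expected_state.encode()):
        raise ValueError("state mismatch: discard the code")
    return codes[0]


def token_request_body(grant_type, code, clientid, clientsecret, redirect_uri, state):
    """Part 2: form body for the token POST; send it from the server only,
    so the client secret never reaches the browser."""
    return urlencode({
        "grant_type": grant_type, "code": code, "clientid": clientid,
        "clientsecret": clientsecret, "redirect_uri": redirect_uri, "state": state,
    })
```

Store the state per user session and delete it after one successful callback, so a captured callback URL cannot be replayed.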
Once you have a token, an API call can be made. To see all endpoints, click here. To make an API Call, make a POST request to the endpoints on the page linked. The POST body should contain a key called Authorization, and its value should be your token. If the request specified is a GET request, the token should be included as a parameter named Authorization in the URL. The server will automatically populate the data that your token allows for, and will return a JSON response.