Home My Account Login Signup API Docs

API Docs

SJAUTHv2 uses the OAuth 2.0 specification. The client application connects to the SJAUTH server to request access to the user's data from the server. The server responds with a token that should be used to authorize API calls to the server.

Important Links

Possible Scopes
Possible Endpoints

Creating an Application through the SJAUTH portal

To create an application, visit the SJAUTH My Account page. Scroll down to Developer Settings. Enter the Application's name and a valid redirect URI where the server will callback. Once you add the application, you will be provided with a Client ID and Client Secret. The client secret must be kept secret at all times.


Click here to see a list of possible scopes.

Part 1 - Redirecting the user to authorize the service

The following is the URL structure required for authorization Part 1-
Parameter Explanation
response-type This is always required to be set as code because SJAUTH does not support any other method at the time.
scopes The scopes parameter is a list of scopes that the client application is requesting access for. The list should be a string, with each scope separated with %20 or +.
clientid The clientid parameter is the client id with which you are requesting this data from. This value can be found on your SJAUTH developer dahsboard.
state The state parameter is a randomly generated string that is used to ensure the authenticity of your application. If the state given during the code flow does not match the state given while requesting a token, your request will be denied.
redirect_uri The redirect_uri parameter is the URL to which the user should be redirected to after authorization. If this does not match a valid redirect_uri associated with the given clientid, the request for a code will be denied.

Part 2 - Obtaining a Token

After the user authorizes access to their account, they will be redirected to the redirect_uri. Here, 2 GET URL parameters will be given in return - code and state. When you receive these parameters, you are to make a POST request to

to obtain a token that can be used for API Calls. Here are the POST parameters necessary for the request-

Parameter Description
grant_type This is required to be authorization_code because of limitations on the server. Expect this to change in SJAUTH API v2.
code This is the value that you received from the previous step. You should receive this as a URL parameter in your callback
clientid This is the client id with which your app has been registered.
clientsecret This is the client secret that you received after creating an application on the Developer Dashboard
redirect_uri This must be a valid redirect_uri registered in your developer application settings.
state The state must be the same state that your client application passed to the code grant earlier in part 1. False states will be denied.

Once you follow these steps, you will receive a text response containing the token.

Part 3 - Making an API Call

Once you have a token, an API call can be made. To see all endpoints, click here. To make an API Call, make a POST request to the endpoints on the page linked. The POST body should contain a key called Authorization, and its value should be your token. If the request specified is a GET request, the token should be included as a parameter named Authorization in the URL. The server will automatically populate the data that your token allows for, and will return a JSON response.