OAuth 2 Guide

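REPP uses OAuth2 to provide authorization and access to user information. There are three simple steps to getting access: request an authorization code, exchange the authorization code for an access token, and get the user profile information.

To see OAuth in action, check out the OAuth Demo.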

Request an Authorization Code

To get an authorization code you must redirect the user to https://api.myrepp.com/oauth/authorize with the following query parameters.

Parameter Description
client_id Indicates the REPP API Client that is making the request. If you do not have a REPP API account please contact support@myrepp.com
redirect_uri Determines where the authorization response is sent. The value must match a URI that is already associated with your REPP API account
scope The level of access you are requesting from the user. All current REPP API accounts are limited to ‘people.me.basic’
response_type The REPP API currently only supports code as a valid response type.
force_auth Optional. By default REPP will NOT ask a user for authorization if they have already authorized the requested scope for the requesting API client. By setting this option to ‘true’ you can override that behavior and the user will be prompted to authorize.

The final URI would look something like:

https://api.myrepp.com/oauth/authorize?client_id=123456789&redirect_uri=http://example.com/repp-callback&response_type=code&scope=people.me.basic

Exchange the Authorization Code for an Access Token

If the user authorizes your application to access his/her information, you’ll be given an authorization code as a query parameter to the redirect_uri specified in the authorize request.

An error or denial response:

http://example.com/repp-callback?error=access_denied

An authorization code response:

http://example.com/repp-callback?code=asdfg12345

Once you have the authorization code, you must exchange it for an access token via a server-side POST to https://api.myrepp.com/oauth/token.

Basic Authentication:

The request must be authenticated using your REPP API Client ID and Client Secret as the username and password respectively.

Token Parameters:

Parameter Description
code The authorization code returned from the authorize request
redirect_uri A valid redirect_uri registered with the application
grant_type This field must contain the value of ‘authorization_code’

The actual request would look something like:

POST /oauth/token HTTP/1.1
Host: api.myrepp.com
Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==
Content-Type: application/x-www-form-urlencoded

code=asdfg12345&
redirect_uri=http://example.com/repp-callback&
grant_type=authorization_code

A successful response will contain a JSON object with the following properties:

Property Description
access_token The access token that can be used to access the REPP API
token_type The type of the token returned. This field will always be ‘Bearer’

Get User Profile Information

After you have obtained an access token, you can make a GET request to https://api.myrepp.com/people/me and include the access token either as an access_token query parameter or with an Authorization: Bearer HTTP header.

For example, you can use either of the following requests:

https://api.myrepp.com/people/me?access_token=987654321987654321987654321

or

GET /people/me HTTP/1.1
Host: api.myrepp.com
Authorization: Bearer 987654321987654321987654321

For more information on the structure of the data and other resources available refer to the REPP API Documentation.
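
The three steps above, as an added Python example (not part of the original REPP guide or REPP's own code). The function names are hypothetical, the requests are built but not sent, and the sample values are the constructed ones used in this guide.

```python
import base64
import json
from urllib.parse import parse_qs, urlencode, urlsplit

API = "https://api.myrepp.com"  # host taken from the guide

def authorize_url(client_id, redirect_uri, force_auth=False):
    """Step 1: URL to redirect the user to; urlencode() escapes redirect_uri."""
    params = {"client_id": client_id, "redirect_uri": redirect_uri,
              "response_type": "code", "scope": "people.me.basic"}
    if force_auth:
        params["force_auth"] = "true"
    return f"{API}/oauth/authorize?{urlencode(params)}"

def parse_callback(url):
    """Step 2a: return the authorization code, or raise on an error/denial."""
    query = parse_qs(urlsplit(url).query)
    if "error" in query:
        raise PermissionError(query["error"][0])
    codes = query.get("code", [])
    if len(codes) != 1:  # a missing or repeated code is not a valid response
        raise ValueError("expected exactly one code parameter")
    return codes[0]

def token_request(client_id, client_secret, code, redirect_uri):
    """Step 2b: (url, headers, body) for the server-side POST with Basic auth."""
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    headers = {"Authorization": f"Basic {basic}",
               "Content-Type": "application/x-www-form-urlencoded"}
    body = urlencode({"code": code, "redirect_uri": redirect_uri,
                      "grant_type": "authorization_code"})
    return f"{API}/oauth/token", headers, body

def parse_token_response(raw_json):
    """Accept only the documented shape: an access_token of type Bearer."""
    data = json.loads(raw_json)
    if (not isinstance(data, dict) or data.get("token_type") != "Bearer"
            or not data.get("access_token")):
        raise ValueError("unexpected token response")
    return data["access_token"]

def profile_request(access_token):
    """Step 3: the header form keeps the token out of URLs and request logs."""
    return f"{API}/people/me", {"Authorization": f"Bearer {access_token}"}

if __name__ == "__main__":
    # Constructed sample values, matching the ones shown in this guide.
    print(authorize_url("123456789", "http://example.com/repp-callback"))
    print(parse_callback("http://example.com/repp-callback?code=asdfg12345"))
```

Build and send the token request only from your server, so the Client Secret never reaches the user's browser.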
