Comment on page
Version 2 (OAUTH2)
The API version 2 implements the OAuth2 authorization framework, enabling secure authentication and authorization to access its resources. This flow has been developed specifically for the Make Academy Custom Apps Development course, aiming to simulate a real-world authentication and authorization process.
Every developer can integrate Custom App Academy API V2 by obtaining up to one app access that involves registration of their application and obtaining client credentials.
To obtain the necessary client credentials (client ID and secret), you can submit the form. If you have previously submitted the form for API version 1, you should already have received the credentials to API version 2 via email.
To provide a realistic user authorization experience, API version 2 includes a feature where users can select the specific account they want to connect with the application. This mimics the behavior seen in real-world applications.
Selection of the account to authorize
Each app user (John Doe/Jane Black) can have only one active connection. If you generate a new connection, the existing one will be removed.
Redirect the user to
authorizeendpoint. This will prompt the user to allow your application to access the Custom App Academy API on their behalf. You need the user to allow the
connectscope to successfully authorize access. To obtain the
codeparameter to authorize
tokenrequest, set the
Once a user decides to allow or disallow your application access to their account, Custom App Academy will redirect them to the OAuth2 redirect URL that you set when submitting your form.
If there was an error processing the request, the response will contain an
error.messageparameter. If the request was successful, the response will contain
Use your application
client secrettogether with
codefrom the previous step to issue a request to
tokenendpoint. You must use the same redirect URL in the
A successful request will respond with
refresh_expires_invalues are in minutes.
Endpoint to retrieve token.
After obtaining the access token, you can send requests to App Academy API that contain the
authorizationheader in this format:
Endpoint to retrieve info about the connected account.
The API provides the
expires_inparameter in the
tokenresponse to determine if the user's access token has expired. If it has, use the
refreshendpoint to retrieve a new access token and refresh token.
refresh_expires_invalues are in minutes. To obtain a new access token and refresh token, the refresh token must not be expired!
Endpoint to retrieve a new refresh token.
If the user wants to invalidate the access of your app to Custom App Academy API, use the
Endpoint to invalidate the access token.
API Version 2 provides integration with scopes. Scopes provide a granular level of access control and ensure that users can only access the specific resources they need. The following scopes are supported:
*except for /info endpoint
In API version 2, all the endpoints available in API version 1 are fully supported. To make API calls in version 2, you need to use the URL for API version 2 as well as to ensure proper authorization and scope management by following the instructions provided above.