SHIFT API

OAuth 2.0

API routes for handling OAuth 2.0 authentication.

Getting Started

If you are setting up your application with OAuth 2.0 integration for the first time, read Getting Started with OAuth 2.0 before attempting to use the routes below.

API Reference

GET
/v1/oauth2/test/app

query client_id: Application ID (required)
query client_secret: Application secret (required)

This route is made available to test successful authentication of an Application using a client id and client secret.

Example 1

Verify application credentials

GET /v1/oauth2/test/app?client_id=:uuid&client_secret=:uuid

JSON response body:

{
  "meta": {}, 
  "data": [], 
  "time": 0.0005359649658203125
}

Example 2

Invalid application credentials

GET /v1/oauth2/test/app?client_id=:uuid&client_secret=1234567890

JSON response body:

{
  "errors": [
    {
      "message": "Not authorized", 
      "code": 4010
    }
  ]
}

GET
/v1/oauth2/test/app_as_user

This route is made available to test successful authentication of a user through OAuth within an Application.

Note: All requests made on behalf of a user must include a "Bearer" header.

Example 1

Access of a protected test resource is successful

GET /v1/oauth2/test/app_as_user

Header data

Bearer <valid-token-string>

JSON response body:

{
  "meta": {}, 
  "data": [], 
  "time": 0.000141143798828125
}

Example 2

Authentication fails when invalid token is sent

GET /v1/oauth2/test/app_as_user

Header data

Bearer <invalid-token-string>

JSON response body:

{
  "errors": [
    {
      "message": "OAuth authorization error.", 
      "code": 4012, 
      "reason": "access_denied"
    }
  ]
}

GET
/v1/oauth2/token

form code:
form grant_type:
form client_id:
form redirect_uri:

Generate access token information from an authorization code

To successfully authenticate a SHIFT user through OAuth, this final step must be performed by your application server. Post the correct data and both an access token and a refresh token will be generated for your application.

Example 1

OAuth token generation

In this example, the authorization code sent in the code parameter is valid, so user tokens are generated.

POST /v1/oauth2/token

Request Body:

"code=Pepiu3gwUtMlog6HST8FLC2MmRIAGfnVwbGonctC&client_secret=f07fcf0d-609e-4746-928c-6af34931d3d6&grant_type=authorization_code&client_id=944a9ad3-948b-4675-916e-1262816fea57&redirect_uri=https%3A%2F%2Fgrapheffect.com%2Foauth2redirect"

JSON response body:

{
  "access_token": "NZADi3Baw3PrXED2m66LVripQLU8ZnrOWQzKJsr7", 
  "token_type": "Bearer", 
  "expires_in": 3600, 
  "refresh_token": "2KJaOtHQnHGofjc9iOPQic6YDSrQzO6xGCxFiMW1"
}

Example 2

OAuth token generation failure

In this example, the authorization code sent in the code parameter is invalid, so user tokens are not generated.

POST /v1/oauth2/token

Request Body:

"code=qwertyuiopasdfghjklzxcvbnm&client_secret=81eb16c8-8bd6-4f4f-b21d-04897c0831bd&grant_type=authorization_code&client_id=fe57ce38-f335-4728-9703-f2d5f1b9a012&redirect_uri=https%3A%2F%2Fgrapheffect.com%2Foauth2redirect"

JSON response body:

{
  "error": "invalid_grant"
}
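
The token exchange described above, as an added Python example (not part of the SHIFT documentation or any SHIFT client code): it builds the form body from Example 1, masks code and client_secret before the body is logged, and handles both error shapes shown on this page. The function names, OAuthError, and the "malformed_response" label are assumptions made for this example.

```python
import json
import time
from urllib.parse import parse_qsl, urlencode

SECRET_FIELDS = {"code", "client_secret"}  # values that must not reach logs


class OAuthError(Exception):
    """Either error envelope the page shows, normalised to one type."""

    def __init__(self, reason, code=None, message=None):
        super().__init__(message or reason)
        self.reason, self.code = reason, code


def build_token_body(code, client_id, client_secret, redirect_uri):
    """Form-encode the fields used in the page's POST /v1/oauth2/token example."""
    return urlencode({
        "code": code,
        "client_secret": client_secret,
        "grant_type": "authorization_code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
    })


def redact_body(body):
    """Return a copy of a form body with secret fields masked, for logging."""
    return urlencode([(k, "REDACTED" if k in SECRET_FIELDS else v)
                      for k, v in parse_qsl(body)])


def parse_token_response(raw, now=None):
    """Return the tokens plus an absolute expiry time, or raise OAuthError."""
    doc = json.loads(raw)
    if "error" in doc:    # token route shape: {"error": "invalid_grant"}
        raise OAuthError(doc["error"])
    if "errors" in doc:   # test route shape: {"errors": [{"message", "code", ...}]}
        first = (doc["errors"] or [{}])[0]
        raise OAuthError(first.get("reason"), first.get("code"), first.get("message"))
    missing = {"access_token", "refresh_token", "expires_in"} - doc.keys()
    if missing or doc.get("token_type") != "Bearer":
        # "malformed_response" is a label chosen for this example, not an API value
        raise OAuthError("malformed_response")
    issued = time.time() if now is None else now
    return {
        "access_token": doc["access_token"],
        "refresh_token": doc["refresh_token"],
        "expires_at": issued + doc["expires_in"],
    }
```

Storing expires_at as an absolute time lets the application server decide when to use the refresh token without re-reading expires_in.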