
Authorisation Methods


Implicit Grant

Implicit Grant is the process of generating & retrieving a Third Party token easily and securely, without requiring the end-user to generate and provide the token.

Your unique client_id is located in your Developer API welcome email. You will need to contact us to provide a valid redirect_uri as described below.

Starting the implicit grant

To begin the implicit grant, direct the user (via a web browser) to:

URIs

staging: https://accounts.staging.reiformslive.com.au/oauth/authorize

production: https://accounts.reiformslive.com.au/oauth/authorize

with the following query parameters. For this grant, the response_type must be token:

🎯 Parameters:

URI: https://accounts.reiformslive.com.au/oauth/authorize

response_type: The response type, in this case always token.

client_id: The client_id provided by REI Forms Live to you.

redirect_uri: The URI you would like authorisation calls to be sent to (could be a custom URL scheme for mobile applications).

state: A variable for use by you to reduce the risk of cross-site request forgery on your authorisation end-point.

only: An array of APIs/States/Territories your application supports (act, nsw, nt, qld, sa, tas, wa, vic).

api: The default API/State/Territory your application supports (e.g. qld).

Example:

https://accounts.reiformslive.com.au/oauth/authorize?response_type=token&client_id=b4b2bde8-4f5d-49c4-87a0-2f733248c2a5&state=12345&redirect_uri=https://app.your-domain.com/auth

The client_id and redirect_uri MUST match what has been agreed to by REI Forms Live. If you require these to be changed, please contact us. The user is presented with a login dialog. After they log in, they are asked to authorise the app to create and edit forms on your behalf. If they click "Yes", they are redirected to the redirect_uri with the following hash parameters:

🎯 Parameters:

access_token: The token to use in conjunction with your API Key in the Authorization header.

token_type: The authorisation type, in this case always Basic.

api: The API/State/Territory their account was linked to.

state: The state variable you sent in the original request.

env: Whether the account is staging or production.

Example:

https://app.your-domain.com/auth/#access_token=b1b584ea-90c8-48d1-b8eb-c43f1ad665fe&token_type=Basic&state=12345&api=qld&env=production

Once you have the token, use it as per Third Party above.
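
The client side of the flow above, as an added JavaScript example (not REI Forms Live's own code): it generates an unguessable state, builds the authorise URL with an encoded redirect_uri, and accepts the hash parameters only when state, token_type and env are as expected. The function names and the expectedEnv check are assumptions of this example; the only parameter is left out because the page does not show how the array is encoded.

```javascript
// Added example, not REI Forms Live code. Function names are this example's own.
const AUTHORIZE = "https://accounts.reiformslive.com.au/oauth/authorize";
// Web Crypto is a global in browsers and current Node; older Node falls back to the module.
const webcrypto = globalThis.crypto ?? require("node:crypto").webcrypto;

// Unguessable per-request state (128 random bits, hex) rather than a fixed value.
function newState() {
  const bytes = webcrypto.getRandomValues(new Uint8Array(16));
  return Array.from(bytes, (b) => b.toString(16).padStart(2, "0")).join("");
}

// URL to send the user's browser to; URLSearchParams percent-encodes redirect_uri.
function buildAuthorizeUrl({ clientId, redirectUri, state, api }) {
  const params = new URLSearchParams({
    response_type: "token",
    client_id: clientId,
    redirect_uri: redirectUri,
    state,
  });
  if (api) params.set("api", api);
  return `${AUTHORIZE}?${params}`;
}

// Read the hash parameters from the redirect and reject anything unexpected
// before the token is used.
function parseCallback(callbackUrl, expectedState, expectedEnv) {
  const params = new URLSearchParams(new URL(callbackUrl).hash.slice(1));
  if (!expectedState || params.get("state") !== expectedState) {
    throw new Error("state mismatch");
  }
  if (params.get("token_type") !== "Basic") throw new Error("unexpected token_type");
  if (expectedEnv && params.get("env") !== expectedEnv) throw new Error("unexpected env");
  const accessToken = params.get("access_token");
  if (!accessToken) throw new Error("missing access_token");
  return { accessToken, api: params.get("api"), env: params.get("env") };
}
```

In a browser, keep the state in sessionStorage between the two steps and call history.replaceState after parsing so the token does not remain in the address bar or history.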