Authorisation Methods
#
Implicit GrantImplicit Grant is the process of generating & retrieving a Third Party token easily and securely, without requiring the end-user to generate and provide the token.
You will need to contact us to provide us with a valid redirect_uri
as per below. Once provided we will advise of your unique client_id
.
#
Starting the implicit grantTo begin the implicit grant, you would direct the user to (via a web browser):
URIs | |
---|---|
staging | https://accounts.staging.reiformslive.com.au/oauth/authorize |
production | https://accounts.reiformslive.com.au/oauth/authorize |
with the following query parameters. For this grant, the response_type must be token:
🎯 Parameters:
URI: https://accounts.reiformslive.com.au/oauth/authorize
response_type: The response type, in this case always token
.
client_id: The client_id provided by REI Forms Live to you.
redirect_uri: The URI you would like authorisation calls to be sent to (could be a custom URL scheme for mobile applications)
state:A variable for use by you to reduce the risk of cross-site request forgery on your authorisation end-point.
only: An array of APIs/States/Territories your application supports (act, nsw, nt, qld, sa, tas, wa, vic).
api: The default API/State/Territory your application supports (e.g. qld).
Example:
The client_id
and redirect_uri
MUST match what has been agreed to by REI Forms Live. If you require these to be changed, please contact us. The user is presented with a login dialog to which they login and they are then asked to authorise the app to create and edit forms on your behalf. If they click "Yes", they are redirected to the redirect_uri
with the following hash parameters:
🎯 Parameters:
access_token: The token to use in conjunction with your API Key in the Authorization
header.
token_type: The authorisation type, in this case always Basic
.
api: The API/State/Territory their account was linked to.
state: The state variable you sent in the original request.
env: Whether the account is staging
or production
.
Example
Once you have the token, use it as per Third Party above.