Get an Access Token

This process is largely based on the OAuth 2.0 specification. There are some things missing, but I hope to make it completely compliant in the future.

1. Get an authorization code

Once you have created an app, you'll need to REDIRECT the user to the authorization endpoint to get an authorization code. The endpoint is called authenticate, but ignore that lol: it both authenticates the user and authorizes your app on their behalf. Keep in mind that this endpoint is on https://auth.dilanxd.com.

GO TO

/authenticate

HOST

https://auth.dilanxd.com

QUERY PARAMS

client_id*

Your 12-digit client ID.

redirect_uri*

A URL with an approved domain to redirect the user after authorization.

state*

A random string to prevent CSRF attacks. Ensure that you check this when the user is redirected back to your app.

The user will then be redirected back to your application at the URL you specified in the redirect_uri query parameter. This URL will contain a state query parameter, which you should verify against the value you sent, and a code query parameter, which you should immediately exchange for an access token, since authorization codes expire quickly.

2. Exchange code for token

Once you've verified state, use the code to get an access token by making the following API request. Keep in mind that this request goes to https://api.dilanxd.com.

POST

/auth/token

HOST

https://api.dilanxd.com

BODY

application/json

client_id*

Your 12-digit client ID.

code*

The authorization code.

200 OK

Operation successful

400 Bad Request

Invalid or missing parameters

3. Use the access token

Now, you can make requests to the API using the access token. Just pass it in the Authorization header as a bearer token when necessary.

Authorization: Bearer <access_token>
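
The three steps above from the client side, as an added Python example that is not part of the original documentation. The function names, the dict used as a per-user session store, and the sample client ID and redirect URI are assumptions. The token request is built but not sent, because the page does not document the response body.

```python
import hmac
import json
import secrets
import urllib.request
from urllib.parse import urlencode, urlsplit, parse_qs

AUTH_HOST = "https://auth.dilanxd.com"  # host for /authenticate (from the page)
API_HOST = "https://api.dilanxd.com"    # host for /auth/token (from the page)

def begin_authorization(session, client_id, redirect_uri):
    """Step 1: create a fresh state, store it server-side, return the redirect URL."""
    state = secrets.token_urlsafe(32)  # unguessable, one per authorization attempt
    session["oauth_state"] = state     # 'session' is an assumed per-user store
    query = urlencode({"client_id": client_id,
                       "redirect_uri": redirect_uri,
                       "state": state})
    return f"{AUTH_HOST}/authenticate?{query}"

def handle_callback(session, callback_url):
    """Verify state on the redirect back; return the code or raise ValueError."""
    params = parse_qs(urlsplit(callback_url).query)
    expected = session.pop("oauth_state", None)  # single use: a replay finds nothing
    received = params.get("state", [])
    codes = params.get("code", [])
    # Reject a missing, duplicated or different state; compare in constant time.
    if (expected is None or len(received) != 1 or
            not hmac.compare_digest(expected.encode(), received[0].encode())):
        raise ValueError("state mismatch: possible CSRF, discard this callback")
    if len(codes) != 1:
        raise ValueError("expected exactly one code parameter")
    return codes[0]

def build_token_request(client_id, code):
    """Step 2: the POST /auth/token request with a JSON body (not sent here)."""
    body = json.dumps({"client_id": client_id, "code": code}).encode()
    return urllib.request.Request(f"{API_HOST}/auth/token", data=body, method="POST",
                                  headers={"Content-Type": "application/json"})

def bearer_header(access_token):
    """Step 3: the header to attach to API requests."""
    return {"Authorization": f"Bearer {access_token}"}

if __name__ == "__main__":
    session = {}  # constructed sample values below
    url = begin_authorization(session, "123456789012", "https://app.example/callback")
    print("redirect the user to:", url)
    state = parse_qs(urlsplit(url).query)["state"][0]
    code = handle_callback(session, f"https://app.example/callback?code=abc123&state={state}")
    print(build_token_request("123456789012", code).data)
```
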