
...

This API uses OAuth 2.0 for authentication. Consult the official OAuth 2.0 documentation for the down-and-dirty technical specifications.

 

All resource requests (API calls) require OAuth 2.0 authentication.

 

 

Grant Types

Grant types expose multiple ways for a client to receive an access token. Currently supported grant types:

...

Which requires the user to authenticate and redirects back to the client with an authorization code (Authorization Code grant type) or access token (Implicit grant type).

 

example.com/restful_api/authorize

 

 

Token Endpoint

Which uses the configured Grant Types to return an access token to the client.

 

example.com/restful_api/token

 

 

Tutorials

This project aims to create an easy-to-understand and well-tested framework for creating APIs. On this page, we will explain the basics of using the phpFox RESTful API, such as sending and receiving data, serializing data in HTTP requests, and more.

...

Call the authorize endpoint to get the code.

 

example.com/restful_api/authorize?response_type=code&client_id=CLIENT_ID

The request above presents an authorization form to the user. If the user authorizes the request, an authorization code is returned to the client's redirect URI (set in client settings).

 

Get Access Token

Get by Authorization Code

The authorization code can be used to receive an access token from the token endpoint.


$ curl -u CLIENT_ID:CLIENT_SECRET example.com/restful_api/token -d 'grant_type=authorization_code&code=AUTHORIZATION_CODE'

You will receive an access token:

 

{"access_token":"ACCESS_TOKEN","expires_in":86400,"token_type":"bearer","scope":"null","refresh_token":"REFRESH_TOKEN"}
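
The two steps above (authorize, then exchange the code) as a client-side sketch in Python. This is an added example, not phpFox code. It assumes an HTTPS scheme on the hosts shown on this page, and it assumes the authorize endpoint echoes the standard OAuth 2.0 `state` parameter back on the redirect, which this page does not confirm.

```python
import base64
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit
from urllib.request import Request

# Assumptions: HTTPS scheme, plus the example.com host and paths used on this page.
BASE = "https://example.com/restful_api"


def build_authorize_url(client_id):
    """Return (url, state); keep state in the user's session until the callback."""
    state = secrets.token_urlsafe(32)  # unguessable, one per authorization attempt
    query = urlencode({"response_type": "code", "client_id": client_id, "state": state})
    return f"{BASE}/authorize?{query}", state


def code_from_callback(callback_url, expected_state):
    """Extract the authorization code, rejecting errors and state mismatches."""
    params = parse_qs(urlsplit(callback_url).query)
    if "error" in params:
        raise ValueError(f"authorization failed: {params['error'][0]}")
    # Assumed behaviour: the server returns the state it was given, unchanged.
    state = params.get("state", [""])[0]
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: callback does not belong to this session")
    codes = params.get("code", [])
    if len(codes) != 1 or not codes[0]:
        raise ValueError("callback must carry exactly one code parameter")
    return codes[0]


def build_token_request(client_id, client_secret, code):
    """Build (without sending) the POST that the curl command above performs."""
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    body = urlencode({"grant_type": "authorization_code", "code": code}).encode()
    return Request(f"{BASE}/token", data=body, method="POST", headers={
        "Authorization": f"Basic {basic}",
        "Content-Type": "application/x-www-form-urlencoded",
    })


if __name__ == "__main__":
    url, state = build_authorize_url("CLIENT_ID")
    # Constructed callback, as the server would redirect after the user approves.
    callback = f"https://app.example.com/callback?code=AUTHORIZATION_CODE&state={state}"
    req = build_token_request("CLIENT_ID", "CLIENT_SECRET", code_from_callback(callback, state))
    print(url, req.full_url, req.data.decode(), sep="\n")
```

The request object is only built, never sent; pass it to `urllib.request.urlopen` against a real deployment to perform the exchange.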

 

 

Get implicit

Set the query string parameter response_type=token on the authorize endpoint.

 

example.com/restful_api/authorize?response_type=token&client_id=CLIENT_ID&redirect_uri=app.example.com/callback

A successful token request will be returned in the fragment of the callback URI:

 

 

app.example.com/callback#access_token=ACCESS_TOKEN&expires_in=86400&token_type=bearer

 

 

Get by User credentials

Send the user credentials directly to receive an access token:


$ curl -u CLIENT_ID:CLIENT_SECRET example.com/restful_api/token -d 'grant_type=password&username=USER_EMAIL&password=USER_PASSWORD'

URI Parameters: username, password

 

 

Get by Client credentials

Example using HTTP Basic Authentication:


$ curl -u CLIENT_ID:CLIENT_SECRET example.com/restful_api/token -d 'grant_type=client_credentials'

...

A refresh token must be retrieved using the Authorization Code or User Credentials grant types. This refresh token can then be used to generate a new access token of equal or lesser scope.


$ curl -u CLIENT_ID:CLIENT_SECRET example.com/restful_api/token -d 'grant_type=refresh_token&refresh_token=REFRESH_TOKEN'

...