API: Documentation

OAuth

Web Application Flow

1. Redirect users to request tookapic access.
GET /oauth2/authorize
Parameters
Name           Type    Description
client_id      string  Required. The client ID you received from tookapic when you registered.
redirect_uri   string  Required. The URL in your application where users will be sent after authorization. See details below about Redirect URLs.
state          string  Required. An unguessable random string. It is used to protect against cross-site request forgery attacks.
response_type  string  Required. The response type value is code.
2. Tookapic redirects back to your site.

If the user accepts your request, tookapic redirects back to your site with a temporary code in a code parameter as well as the state you provided in the previous step in a state parameter. If the states don’t match, the request has been created by a third party and the process should be aborted.

Exchange this for an access token:

POST /oauth2/token
Parameters
Name           Type    Description
client_id      string  Required. The client ID you received from tookapic when you registered.
client_secret  string  Required. The client secret you received from tookapic when you registered.
code           string  Required. The code you received as a response to Step 1.
redirect_uri   string  Required. The URL in your application where users will be sent after authorization. See details below about Redirect URLs.
Response
{
    "access_token": "ILkFbRqaeQf880uwYG0nVkc1bT6nUPrut12mUcjr",
    "token_type": "Bearer",
    "expires_in": 3600,
    "refresh_token": "HC7b9AhGX5tFE65Ui73PBnmJcnI2mOlLw8fuwRdG"
}
3. Use the access token to access the API.

The access token allows you to make requests to the API on behalf of a user.

GET https://api.tookapic.com/users?access_token=ACCESS_TOKEN

You can pass the token in the query parameters as shown above, but a cleaner approach is to include it in the Authorization header:

Authorization: Bearer ACCESS_TOKEN

For example, in curl you can set the Authorization header like this:

curl -H "Authorization: Bearer ACCESS_TOKEN" https://api.tookapic.com/users
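
An added example (not tookapic's own code) of the client side of steps 1 to 3: it binds the state to the user's session, rejects a callback whose state does not match, and builds the token request. The function names, the dict-like `session` store and the `TOOKAPIC_HOST` placeholder are assumptions; the page gives only the endpoint paths.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Hypothetical helpers; `session` is any per-user, server-side dict-like store.
# Placeholder host: the page gives only the endpoint paths.
BASE_URL = "https://TOOKAPIC_HOST"


class StateMismatch(Exception):
    """Callback state is missing or differs from the one issued in step 1."""


def begin_authorization(session, client_id, redirect_uri):
    """Step 1: mint a state, bind it to the user's session, build the URL."""
    state = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
    session["oauth_state"] = state
    query = urlencode({"client_id": client_id, "redirect_uri": redirect_uri,
                       "state": state, "response_type": "code"})
    return f"{BASE_URL}/oauth2/authorize?{query}"


def handle_callback(session, callback_url):
    """Step 2: return the code only if state matches the session's copy."""
    params = parse_qs(urlsplit(callback_url).query)
    expected = session.pop("oauth_state", None)  # single use, even on failure
    received = params.get("state", [""])[0]
    if not expected or not hmac.compare_digest(expected.encode(), received.encode()):
        raise StateMismatch("state mismatch: abort, do not exchange the code")
    code = params.get("code", [""])[0]
    if not code:
        raise ValueError("callback carries no code parameter")
    return code


def token_request_body(client_id, client_secret, code, redirect_uri):
    """Form body for POST /oauth2/token; send it from the server only."""
    return urlencode({"client_id": client_id, "client_secret": client_secret,
                      "code": code, "redirect_uri": redirect_uri})


def bearer_headers(access_token):
    """Step 3: header form keeps the token out of URLs and access logs."""
    return {"Authorization": f"Bearer {access_token}"}
```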

Redirect URLs

CALLBACK: http://example.com/path
GOOD: http://example.com/path
GOOD: http://example.com/path/subdir/other
GOOD: myapplication://phone-callback
BAD:  http://example.com/
BAD:  http://example.com/bar
BAD:  http://example.com:8080/path
BAD:  http://oauth.example.com:8080/path
BAD:  http://example.org
BAD:  ssh://example.com
