- The OAuth 2.0 protocol allows the resource owner to grant another website limited access to their resources held on one website.
- It grants this access without exposing the resource owner's credentials.
- Users can then revoke access to their data at any time.
Two standard types of flows are supported:
- API based workflow
- Redirection based workflow
API Based Workflow
The API-based workflow is a two-step process:
Step 1
- Generate an OTP for the user using the Generate OTP endpoint.
- The user receives a One Time Password (OTP) at their registered email address; it is valid for 10 minutes.
HTTP Method | Resource | Description |
---|---|---|
GET | /oauth/authenticate/otp?username={username} | API accepts username and sends OTP to registered email. |
Step 2
- Provide the OTP and username (the user's email) to the Verify OTP endpoint.
- Obtain the access_token and use it with all subsequent requests.
HTTP Method | Resource | Description |
---|---|---|
POST | /oauth/authenticate/otp?username={username}&otp={otp} | API accepts username and OTP to obtain resource owner's access_token. |
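A client for the two steps above, as an added example that is not part of the original documentation. The host in `BASE_URL` is a placeholder, the JSON shape of the Step 2 response is an assumption, and `redact_otp` is a hypothetical helper for keeping the OTP out of client-side logs, since both tables pass it in the query string.

```python
import json
import urllib.parse
import urllib.request

BASE_URL = "https://api.example.com"  # assumption: placeholder host
OTP_PATH = "/oauth/authenticate/otp"  # resource path from the tables above


def otp_url(username, otp=None, base_url=BASE_URL):
    """Build the OTP endpoint URL with percent-encoded query parameters."""
    params = {"username": username}
    if otp is not None:
        params["otp"] = otp
    # urlencode turns '+' and '@' into %2B and %40, so an address such as
    # "a.user+test@example.com" is not read server-side with a space in it.
    return base_url.rstrip("/") + OTP_PATH + "?" + urllib.parse.urlencode(params)


def generate_otp_request(username, base_url=BASE_URL):
    """Step 1: GET that asks the server to e-mail an OTP."""
    return urllib.request.Request(otp_url(username, base_url=base_url), method="GET")


def verify_otp_request(username, otp, base_url=BASE_URL):
    """Step 2: POST that exchanges username and OTP for an access_token."""
    return urllib.request.Request(otp_url(username, otp.strip(), base_url), method="POST")


def redact_otp(url):
    """Return the URL with the otp value masked, for client-side logging."""
    parts = urllib.parse.urlsplit(url)
    query = [(k, "REDACTED" if k == "otp" else v)
             for k, v in urllib.parse.parse_qsl(parts.query, keep_blank_values=True)]
    return urllib.parse.urlunsplit(parts._replace(query=urllib.parse.urlencode(query)))


def extract_access_token(body):
    """Read access_token from the Step 2 response (assumed: a JSON object)."""
    data = json.loads(body)
    token = data.get("access_token") if isinstance(data, dict) else None
    if not isinstance(token, str) or not token:
        raise ValueError("response carries no access_token")
    return token


def login(username, read_otp=input, base_url=BASE_URL):
    """Run both steps over the network; read_otp supplies the e-mailed code."""
    urllib.request.urlopen(generate_otp_request(username, base_url), timeout=10).close()
    req = verify_otp_request(username, read_otp("OTP: "), base_url)
    with urllib.request.urlopen(req, timeout=10) as resp:
        return extract_access_token(resp.read())
```

`redact_otp` only covers what the client writes to its own logs; the OTP is still part of the request URL as seen by the server and any TLS-terminating proxy.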