Workflow /authorize and further /oauth/token

Hi everyone,
Please clarify for me a little bit the entire workflow with tokens.

To authorize a customer we need to provide the client with a “GET /authorize” link with all required parameters. This is the only way to generate access/refresh tokens. It’s impossible to make an API call for an authorized customer to retrieve the “code” again, which is required for the access/refresh token.

So we have this code and we don’t need to save it anywhere in the session or database. We just use it for POST /oauth/token. In the response we have two tokens. We need to save the access and refresh tokens into the customer’s session or into the database for further usage.

And then I can make all required requests with the access_token. When the response has a 4xx error I call POST /oauth/token (grant_type=refresh_token&refresh_token=asdfasdfdsf…), update the access token in the customer’s session and make one more attempt with this new token.

Is everything I wrote here correct?

Hi @zhartaunik,

This all depends on the grant type, and it sounds like you are using the authorization code flow (typically for regular web apps). If that is the case, you have it correct!

For more info:

https://auth0.com/docs/api-auth/tutorials/authorization-code-grant

If you would like to see an example, check out our quickstarts:

Let me know if that makes sense.

Thanks,
Dan
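The flow described in the question and confirmed above, as an added example that is not from the thread or from Auth0: a small Python client that exchanges the code at POST /oauth/token, keeps both tokens server-side, and refreshes once on a 401 before retrying (deliberately narrower than "any 4xx", since most 4xx responses are not token problems). The tenant, client credentials, API URL and the in-memory fake of the token endpoint and API are constructed placeholders; `transport` is any callable that performs the HTTP request.

```python
TOKEN_URL = "https://TENANT.example.auth0.com/oauth/token"  # placeholder tenant
CLIENT = {"client_id": "CLIENT_ID_PLACEHOLDER", "client_secret": "SECRET_PLACEHOLDER"}
class OAuthSession:
    """Keeps both tokens server-side (session or DB); the browser never sees them."""
    def __init__(self, transport):
        self.transport = transport  # (method, url, headers, form) -> (status, json)
        self.access_token = self.refresh_token = None

    def post_oauth_token(self, **form):
        status, body = self.transport("POST", TOKEN_URL, {}, {**CLIENT, **form})
        if status != 200:
            raise RuntimeError(f"{form['grant_type']} failed: {status} {body}")
        self.access_token = body["access_token"]
        # With refresh-token rotation a new refresh token replaces the old one.
        self.refresh_token = body.get("refresh_token", self.refresh_token)

    def api_get(self, url):
        """Refresh once, only on 401 (bad/expired token), then retry; not on every 4xx."""
        for attempt in range(2):
            headers = {"Authorization": f"Bearer {self.access_token}"}
            status, body = self.transport("GET", url, headers, None)
            if status != 401 or attempt:
                return status, body
            self.post_oauth_token(grant_type="refresh_token", refresh_token=self.refresh_token)

def fake_transport():
    """Constructed fake of Auth0 and an API: one-time code, one-use access tokens, rotating refresh tokens."""
    st = {"code": "abc", "live": None, "rt": None, "n": 0}
    def issue():
        st["n"] += 1
        st["live"], st["rt"] = f"at{st['n']}", f"rt{st['n']}"
        return 200, {"access_token": st["live"], "refresh_token": st["rt"]}
    def transport(method, url, headers, form):
        if url == TOKEN_URL:
            if form["grant_type"] == "authorization_code" and form.get("code") == st.pop("code", object()):
                return issue()
            if form["grant_type"] == "refresh_token" and form.get("refresh_token") == st["rt"]:
                return issue()
            return 403, {"error": "invalid_grant"}
        if st["live"] and headers.get("Authorization") == f"Bearer {st['live']}":
            st["live"] = None  # simulate expiry after one use
            return 200, {"sub": "user123"}
        return 401, {"error": "invalid_token"}
    return transport

def demo():
    s = OAuthSession(fake_transport())
    s.post_oauth_token(grant_type="authorization_code", code="abc", redirect_uri="https://app.example.com/callback")
    api = "https://api.example.com/me"  # hypothetical API; 2nd call meets expired at1 -> 401 -> refresh -> at2
    return s.api_get(api)[0], s.api_get(api)[0], s.access_token, s.refresh_token
```

The fake rejects a reused authorization code and a rotated-out refresh token with 403 invalid_grant, so the client raises and the user has to go through GET /authorize again, which matches the "only way to get a code" point in the question.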
