Veeqo now supports OAuth.
The update has been deployed and is now in an open beta. We’ve completed our initial testing and it all looks to be working well. We still need to update the documentation, and there are a few manual steps that need to be automated. However, it is a much faster and more secure way of authenticating your apps in Veeqo - especially if your application is intended for public use by other Veeqo users.
We need you to give us your feedback on how it works and what we need to improve. Instructions follow.
OAuth Setup
0. Application Set Up
(This is the manual step that will eventually be automated)
Create a redirect_uri and let us know your application name. We will then send you your client_id and client_secret.
1. Authorizing the user
Assuming our application is set up like so:
- client_id: 4f8a5d37071f0955e3c8a3dcbf3ff0b53c0699d2085cc6b01707fb3eb9912652
- client_secret: dd04814c033fdbc9a01a9b68100d359edaa41d8ad702a03ae221dd456da1d59c
- redirect_uri: http://example.com/test_oauth_callback
- Redirect the user from your own page (e.g. your marketing site) to the authorize URL, e.g.: https://api.veeqo.com/oauth/authorize?client_id=4f8a5d37071f0955e3c8a3dcbf3ff0b53c0699d2085cc6b01707fb3eb9912652&redirect_uri=http%3A%2F%2Fexample.com%2Ftest_oauth_callback&response_type=code&scope=
- Get the user to authorize the app
2. Get authorization code
The authorization code is returned in the code param of the redirect_uri (e.g. http://example.com/test_oauth_callback?code=acc2658ced4f9eea257c9da72acea1c97f9e1b1db2118b565355532af13591d7). This code lasts only 10 minutes.
3. Make a request for the permanent token
Make a request to https://api.veeqo.com/oauth/token using the client id, client secret and temporary code, e.g.:
Request URL: /oauth/token
Method: POST
Params:
grant_type: authorization_code
redirect_uri: http://example.com/test_oauth_callback
client_id: 4f8a5d37071f0955e3c8a3dcbf3ff0b53c0699d2085cc6b01707fb3eb9912652
client_secret: dd04814c033fdbc9a01a9b68100d359edaa41d8ad702a03ae221dd456da1d59c
code: acc2658ced4f9eea257c9da72acea1c97f9e1b1db2118b565355532af13591d7
Should return a response like so:
{
"access_token": "82d7b651f3634a5243c4155f8832f09b30de0c115280d0c2ef62512e6bc5312e",
"token_type": "bearer",
"created_at": 1510741588
}
access_token is the token to use in further requests. It should be saved permanently!
4. Save the access_token value
Save the access_token value returned by the last request.
5. Make a request
Make a request as normal with the bearer token, e.g.:
Request URL: /current_user
Method: GET
Headers:
Authorization: Bearer 82d7b651f3634a5243c4155f8832f09b30de0c115280d0c2ef62512e6bc5312e
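Steps 1 to 4 above, sketched in Python as an added example (this is not Veeqo's own client code). The function names are hypothetical, and sending the token params form-encoded in the POST body is an assumption, since the instructions only list them as "Params".

```python
import json
import time
from urllib.parse import parse_qs, urlencode, urlparse
from urllib.request import Request

AUTHORIZE_URL = "https://api.veeqo.com/oauth/authorize"
TOKEN_URL = "https://api.veeqo.com/oauth/token"
CODE_LIFETIME_S = 10 * 60  # the instructions say the code lasts only 10 minutes


def authorize_url(client_id, redirect_uri):
    """Step 1: URL to send the user's browser to (it carries no secret)."""
    query = urlencode({"client_id": client_id, "redirect_uri": redirect_uri,
                       "response_type": "code", "scope": ""})
    return f"{AUTHORIZE_URL}?{query}"


def code_from_callback(callback_url, redirect_uri):
    """Step 2: accept a code only on the registered redirect_uri."""
    got, want = urlparse(callback_url), urlparse(redirect_uri)
    if (got.scheme, got.netloc, got.path) != (want.scheme, want.netloc, want.path):
        raise ValueError("callback does not match the registered redirect_uri")
    codes = parse_qs(got.query).get("code", [])
    if len(codes) != 1:
        raise ValueError("expected exactly one code parameter")
    return codes[0]


def token_request(client_id, client_secret, redirect_uri, code, received_at, now=None):
    """Step 3: build the server-side POST; refuse a code past its lifetime."""
    now = time.time() if now is None else now
    if now - received_at > CODE_LIFETIME_S:
        raise ValueError("authorization code expired; restart from step 1")
    # Assumption: params go form-encoded in the POST body, so the
    # client_secret never appears in a URL, browser history or proxy log.
    body = urlencode({"grant_type": "authorization_code", "redirect_uri": redirect_uri,
                      "client_id": client_id, "client_secret": client_secret,
                      "code": code}).encode()
    return Request(TOKEN_URL, data=body, method="POST")


def access_token_from(response_body):
    """Steps 3-4: validate the JSON response before saving the token."""
    data = json.loads(response_body)
    if str(data.get("token_type", "")).lower() != "bearer" or not data.get("access_token"):
        raise ValueError("unexpected token response")
    return data["access_token"]
```

Pass the returned Request to urllib.request.urlopen from server-side code only, so the client_secret and the saved access_token never reach the browser.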