Api Oauth Doc
Get Tiki OAuth server public key
Get Tiki OAuth server public key used to verify JWT access tokens
https://example.com/api/oauth/public-key
curl -X 'GET' \ 'https://example.com/api/oauth/public-key' \ -H 'accept: application/json'
<?php $url = 'https://example.com/api/oauth/public-key'; $headers = [ 'Accept: application/json' ]; $ch = curl_init($url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_HTTPHEADER, $headers); $response = curl_exec($ch); if (curl_errno($ch)) { $error_msg = curl_error($ch); echo 'Error: ' . $error_msg; } else { $http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE); if ($http_code === 200) { $data = json_decode($response, true); print_r($data); } else { echo 'Error: HTTP status code ' . $http_code; } } curl_close($ch); ?>
fetch('https://example.com/api/oauth/public-key', { method: 'GET', headers: { 'Accept': 'application/json' } }) .then(res => { if (!res.ok) throw new Error("HTTP " + res.status); return res.json(); }) .then(data => { console.log(data); }) .catch(err => { console.log('Fetch error: ' + err.message); });
{ "key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1dFZXhXcEbNxGN4QkkzL\njYkSLyt5c/Jx/V9DvkxOha3A5dJVAtgwExGqA5A3r1A1KmCrqr9OyuVmdjaDM1Vj\nayR8HaZH5g0Ih0n1tUlvHwuCAX+myWkTcEs+tpZ71xcoxo/B9k/FihW5iie4SNCB\nFDMNU9cYToXRjVeOPRHD9nqzHt706WCgSD9mHZnMBSR7sJ1tMjBXrrKzUjcGwPwF\nokoK0JbqRIceewV/ceKBSpR0le502ys88X16G/7gMxxkbRKUDmrEr6draMDiT3S8\nsv7zUDqgnXf76nzeemtjjAYmXFxIV4XPgZLEq1YA5u2no9WijLrNePttORNf4djx\nJwIDAQAB\n-----END PUBLIC KEY-----\n" }
Parameters
No parameters.
Authorize endpoint used with Authorization Code Grant flow
Authorize endpoint used with Authorization Code Grant flow. Send your target users here to start the authorization flow - this will request users to authenticate in Tiki and then send back a short-lived code to the redirect uri that you can exchange then for an access token.
https://example.com/api/oauth/authorize
curl -X 'GET' \ 'http://example.com/api/oauth/authorize?response_type=code&client_id=4bad4fe93f6b4b49a5d97947473857a4&redirect_uri=http://example.com/tracker4' \ -H 'accept: application/json'
<?php $url = 'https://example.com/api/oauth/authorize?' . http_build_query([ 'response_type' => 'code', 'client_id' => '4bad4fe93f6b4b49a5d97947473857a4', 'redirect_uri' => 'https://example.com/tracker4', ]); $headers = ['Accept: application/json']; $ch = curl_init($url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_HTTPHEADER, $headers); $response = curl_exec($ch); $php_output = ''; if (curl_errno($ch)) { $error_msg = curl_error($ch); echo 'Error: ' . $error_msg; } else { $http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE); if ($http_code === 200) { $data = json_decode($response, true); print_r($data); } else { echo 'Error: HTTP status code ' . $http_code; } } curl_close($ch); ?>
const params = new URLSearchParams({ response_type: 'code', client_id: '4bad4fe93f6b4b49a5d97947473857a4', redirect_uri: 'https://example.com/tracker4' }); fetch('http://example.com/api/oauth/authorize?' + params.toString(), { method: 'GET', headers: { 'Accept': 'application/json' } }) .then(res => { if (!res.ok) throw new Error("HTTP " + res.status); return res.json(); }) .then(data => { console.log(data); }) .catch(err => { console.log('Fetch error: ' + err.message); });
{ "code": "string", "state": "string" }
Parameters
- response_type string *: Should always be: code
- client_id string *: Your application client id generated by the Tiki OAuth server.
- redirect_uri string *: Where should the user be redirected back when they authorize in Tiki. This should be an URL on your site to read back the generated code and exchange it for an access token.
- scope string Optional: A space delimited list of scopes. This is optional.
- state string Optional: Random string used as a CSRF value. You should compare the state value retrieved with the access token to this one.
Get Tiki Access Token
Retrieve a fresh access token for API access. Depending on the grant type you use, different parameters are required. Client Credentials grant type requires you to send a client secret. Authorization Code grant type requires you to send a code generated by the authorize endpoint. Refresh Token grant type requires you to send your valid refresh token.
https://example.com/api/oauth/access_token
curl -X 'GET' \ 'http://example.com/api/oauth/access_token? grant_type=client_credentials&client_id=4bad4fe93f6b4b49a5d97947473857a4&client_secret=312104ad686. 1eed0f6fc4647be1ba31cf2b5722521246d3705233ce5e1b82784' \ -H 'accept: application/json'
<?php $url = 'http://example.com/api/oauth/access_token?' . http_build_query([ 'grant_type' => 'client_credentials', 'client_id' => '4bad4fe93f6b4b49a5d97947473857a4', 'client_secret' => '312104ad6861eed0f6fc4647be1ba31cf2b5722521246d3705233ce5e1b82784' ]); $headers = ['Accept: application/json']; $ch = curl_init($url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_HTTPHEADER, $headers); $response = curl_exec($ch); if (curl_errno($ch)) { $error_msg = curl_error($ch); echo 'Error: ' . $error_msg; } else { $http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE); if ($http_code === 200) { $data = json_decode($response, true); print_r($data); } else { echo 'Error: HTTP status code ' . $http_code; } } curl_close($ch); ?>
const params = new URLSearchParams({ grant_type: 'client_credentials', client_id: '4bad4fe93f6b4b49a5d97947473857a4', client_secret: '312104ad6861eed0f6fc4647be1ba31cf2b5722521246d3705233ce5e1b82784' }); fetch('http://example.com/api/oauth/access_token?' + params.toString(), { method: 'GET', headers: { 'Accept': 'application/json' } }) .then(res => { if (!res.ok) throw new Error("HTTP " + res.status); return res.json(); }) .then(data => { console.log(data); }) .catch(err => { console.log('Fetch error: ' + err.message); });
{ "token_type": "Bearer", "expires_in": 3600, "access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJhdWQiOiI0YmFkNGZlOTNmNmI0YjQ5YTVkOTc5NDc0NzM4NTdhNCIsImp0aSI6ImQzZmM3ZGE2NmQ5MjQ5MzNjNWNmODJmNzg3YjdkYmQ3NTE1YTMwYTA3ZDA5ZjE2ODkxZThhMGM1NDE1MDIzZjViYjEwOGFjZmIyMjQzM2I3IiwiaWF0IjoxNzU0MDc5NjY2LjQ4MDIzLCJuYmYiOjE3NTQwNzk2NjYuNDgwMjM0LCJleHAiOjE3NTQwODMyNjYuNDc3NjYxLCJzdWIiOiIiLCJzY29wZXMiOltdfQ.PUBuLfJcpLCNxzqifrJ6CAUFTdRDXkmW9X3QqSuFadGX6UNNXnVIk7fx6zhG-uMDs-tIH4Sk0HEav6sBKzi-c4stMMBcTl-3hUt5I2iy3eMlT27w7x1ExScXnn5NBHr-JtIwnng6b91uoMsfd9RQb5PuMVyL7GMQoLqk_ox5mqOnFYSyLxEoNdQE4OFY7stbwPB8x_w0vPx43gb46iFWygJtpVJNmWjQ4DQJUHgz-Mkwl-2fIO6_apmTcRXmCbMfSThbs3lqe-5nhkSCnKTQUcWNHBL-Jxt5r70Y-pht9hqT-GItzPvIDMGP8rXhf2a2IxlWmlIKLEX4rotDjb32UA" }
Parameters
- grant_type string *: One of: client_credentials, authorization_code, refresh_token
- client_id string *: Your application client id generated by the Tiki OAuth server.
- client_secret string *: Your application client secret generated by the Tiki OAuth server.
- scope string Optional: A space delimited list of scopes. Valid with client_credentials or refresh_token grant type.
- refresh_token string Optional: Your refresh token. Use to renew an expired access token and get a new refresh token.
- code string Optional: Required if authorization_code grant is used. Retrive this code by sending the user to authorize endpoint first.
- redirect_uri string Optional: Should be the same redirect uri you used in authorize endpoint.
Get current Tiki API version
https://example.com/api/version
curl -X 'GET' \ 'https://example.com/api/version' \ -H 'accept: application/json'
<?php $url = 'https://example.com/api/version'; $headers = ['Accept: application/json']; $ch = curl_init($url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_HTTPHEADER, $headers); $response = curl_exec($ch); if (curl_errno($ch)) { $error_msg = curl_error($ch); echo 'Error: ' . $error_msg; } else { $http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE); if ($http_code === 200) { $data = json_decode($response, true); print_r($data); } else { echo 'Error: HTTP status code ' . $http_code; } } curl_close($ch); ?>
fetch('https://example.com/api/version', { method: 'GET', headers: { 'Accept': 'application/json' } }) .then(res => { if (!res.ok) throw new Error("HTTP " + res.status); return res.json(); }) .then(data => { console.log(data); }) .catch(err => { console.log('Fetch error: ' + err.message); });
{ "version": "30.0vcs" }
Parameters
No parameters.