Loading...
 
Skip to main content

Api Oauth Doc

Get Tiki OAuth server public key


Get Tiki OAuth server public key used to verify JWT access tokens

Request URL - oauth/public-key
Copy to clipboard
https://example.com/api/oauth/public-key


cURL - oauth/public-key
Copy to clipboard
curl -X 'GET' \ 'https://example.com/api/oauth/public-key' \ -H 'accept: application/json'


PHP - oauth/public-key
Copy to clipboard
<?php $url = 'https://example.com/api/oauth/public-key'; $headers = [ 'Accept: application/json' ]; $ch = curl_init($url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_HTTPHEADER, $headers); $response = curl_exec($ch); if (curl_errno($ch)) { $error_msg = curl_error($ch); echo 'Error: ' . $error_msg; } else { $http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE); if ($http_code === 200) { $data = json_decode($response, true); print_r($data); } else { echo 'Error: HTTP status code ' . $http_code; } } curl_close($ch); ?>


Javascript - oauth/public-key
Copy to clipboard
fetch('https://example.com/api/oauth/public-key', { method: 'GET', headers: { 'Accept': 'application/json' } }) .then(res => { if (!res.ok) throw new Error("HTTP " + res.status); return res.json(); }) .then(data => { console.log(data); }) .catch(err => { console.log('Fetch error: ' + err.message); });


response - oauth/public-key
Copy to clipboard
{ "key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1dFZXhXcEbNxGN4QkkzL\njYkSLyt5c/Jx/V9DvkxOha3A5dJVAtgwExGqA5A3r1A1KmCrqr9OyuVmdjaDM1Vj\nayR8HaZH5g0Ih0n1tUlvHwuCAX+myWkTcEs+tpZ71xcoxo/B9k/FihW5iie4SNCB\nFDMNU9cYToXRjVeOPRHD9nqzHt706WCgSD9mHZnMBSR7sJ1tMjBXrrKzUjcGwPwF\nokoK0JbqRIceewV/ceKBSpR0le502ys88X16G/7gMxxkbRKUDmrEr6draMDiT3S8\nsv7zUDqgnXf76nzeemtjjAYmXFxIV4XPgZLEq1YA5u2no9WijLrNePttORNf4djx\nJwIDAQAB\n-----END PUBLIC KEY-----\n" }



Parameters


No parameters.

Authorize endpoint used with Authorization Code Grant flow


Authorize endpoint used with Authorization Code Grant flow. Send your target users here to start the authorization flow - this will request users to authenticate in Tiki and then send back a short-lived code to the redirect uri that you can exchange then for an access token.

Request URL- oauth/authorize
Copy to clipboard
https://example.com/api/oauth/authorize


cURL - oauth/authorize
Copy to clipboard
curl -X 'GET' \ 'http://example.com/api/oauth/authorize?response_type=code&client_id=4bad4fe93f6b4b49a5d97947473857a4&redirect_uri=http://example.com/tracker4' \ -H 'accept: application/json'


PHP - oauth/authorize
Copy to clipboard
<?php $url = 'https://example.com/api/oauth/authorize?' . http_build_query([ 'response_type' => 'code', 'client_id' => '4bad4fe93f6b4b49a5d97947473857a4', 'redirect_uri' => 'https://example.com/tracker4', ]); $headers = ['Accept: application/json']; $ch = curl_init($url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_HTTPHEADER, $headers); $response = curl_exec($ch); $php_output = ''; if (curl_errno($ch)) { $error_msg = curl_error($ch); echo 'Error: ' . $error_msg; } else { $http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE); if ($http_code === 200) { $data = json_decode($response, true); print_r($data); } else { echo 'Error: HTTP status code ' . $http_code; } } curl_close($ch); ?>


JavaScript - oauth/authorize
Copy to clipboard
const params = new URLSearchParams({ response_type: 'code', client_id: '4bad4fe93f6b4b49a5d97947473857a4', redirect_uri: 'https://example.com/tracker4' }); fetch('http://example.com/api/oauth/authorize?' + params.toString(), { method: 'GET', headers: { 'Accept': 'application/json' } }) .then(res => { if (!res.ok) throw new Error("HTTP " + res.status); return res.json(); }) .then(data => { console.log(data); }) .catch(err => { console.log('Fetch error: ' + err.message); });


response - oauth/authorize
Copy to clipboard
{ "code": "string", "state": "string" }



Parameters

  • response_type string *: Should always be: code

  • client_id string *: Your application client id generated by the Tiki OAuth server.

  • redirect_uri string *: Where should the user be redirected back when they authorize in Tiki. This should be an URL on your site to read back the generated code and exchange it for an access token.

  • scope string Optional: A space delimited list of scopes. This is optional.

  • state string Optional: Random string used as a CSRF value. You should compare the state value retrieved with the access token to this one.


Get Tiki Access Token


Retrieve a fresh access token for API access. Depending on the grant type you use, different parameters are required. Client Credentials grant type requires you to send a client secret. Authorization Code grant type requires you to send a code generated by the authorize endpoint. Refresh Token grant type requires you to send your valid refresh token.

Request URL - oauth/authorize
Copy to clipboard
https://example.com/api/oauth/access_token


cURL - /oauth/access_token
Copy to clipboard
curl -X 'GET' \ 'http://example.com/api/oauth/access_token? grant_type=client_credentials&client_id=4bad4fe93f6b4b49a5d97947473857a4&client_secret=312104ad686. 1eed0f6fc4647be1ba31cf2b5722521246d3705233ce5e1b82784' \ -H 'accept: application/json'


PHP - /oauth/access_token
Copy to clipboard
<?php $url = 'http://example.com/api/oauth/access_token?' . http_build_query([ 'grant_type' => 'client_credentials', 'client_id' => '4bad4fe93f6b4b49a5d97947473857a4', 'client_secret' => '312104ad6861eed0f6fc4647be1ba31cf2b5722521246d3705233ce5e1b82784' ]); $headers = ['Accept: application/json']; $ch = curl_init($url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_HTTPHEADER, $headers); $response = curl_exec($ch); if (curl_errno($ch)) { $error_msg = curl_error($ch); echo 'Error: ' . $error_msg; } else { $http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE); if ($http_code === 200) { $data = json_decode($response, true); print_r($data); } else { echo 'Error: HTTP status code ' . $http_code; } } curl_close($ch); ?>


PHP - /oauth/access_token
Copy to clipboard
const params = new URLSearchParams({ grant_type: 'client_credentials', client_id: '4bad4fe93f6b4b49a5d97947473857a4', client_secret: '312104ad6861eed0f6fc4647be1ba31cf2b5722521246d3705233ce5e1b82784' }); fetch('http://example.com/api/oauth/access_token?' + params.toString(), { method: 'GET', headers: { 'Accept': 'application/json' } }) .then(res => { if (!res.ok) throw new Error("HTTP " + res.status); return res.json(); }) .then(data => { console.log(data); }) .catch(err => { console.log('Fetch error: ' + err.message); });


response - oauth/access_token
Copy to clipboard
{ "token_type": "Bearer", "expires_in": 3600, "access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJhdWQiOiI0YmFkNGZlOTNmNmI0YjQ5YTVkOTc5NDc0NzM4NTdhNCIsImp0aSI6ImQzZmM3ZGE2NmQ5MjQ5MzNjNWNmODJmNzg3YjdkYmQ3NTE1YTMwYTA3ZDA5ZjE2ODkxZThhMGM1NDE1MDIzZjViYjEwOGFjZmIyMjQzM2I3IiwiaWF0IjoxNzU0MDc5NjY2LjQ4MDIzLCJuYmYiOjE3NTQwNzk2NjYuNDgwMjM0LCJleHAiOjE3NTQwODMyNjYuNDc3NjYxLCJzdWIiOiIiLCJzY29wZXMiOltdfQ.PUBuLfJcpLCNxzqifrJ6CAUFTdRDXkmW9X3QqSuFadGX6UNNXnVIk7fx6zhG-uMDs-tIH4Sk0HEav6sBKzi-c4stMMBcTl-3hUt5I2iy3eMlT27w7x1ExScXnn5NBHr-JtIwnng6b91uoMsfd9RQb5PuMVyL7GMQoLqk_ox5mqOnFYSyLxEoNdQE4OFY7stbwPB8x_w0vPx43gb46iFWygJtpVJNmWjQ4DQJUHgz-Mkwl-2fIO6_apmTcRXmCbMfSThbs3lqe-5nhkSCnKTQUcWNHBL-Jxt5r70Y-pht9hqT-GItzPvIDMGP8rXhf2a2IxlWmlIKLEX4rotDjb32UA" }



Parameters

  • grant_type string *: One of: client_credentials, authorization_code, refresh_token

  • client_id string *: Your application client id generated by the Tiki OAuth server.

  • client_secret string *: Your application client secret generated by the Tiki OAuth server.

  • scope string Optional: A space delimited list of scopes. Valid with client_credentials or refresh_token grant type.

  • refresh_token string Optional: Your refresh token. Use to renew an expired access token and get a new refresh token.

  • code string Optional: Required if authorization_code grant is used. Retrive this code by sending the user to authorize endpoint first.

  • redirect_uri string Optional: Should be the same redirect uri you used in authorize endpoint.


Get current Tiki API version

Request URL - version
Copy to clipboard
https://example.com/api/version


cURL - version
Copy to clipboard
curl -X 'GET' \ 'https://example.com/api/version' \ -H 'accept: application/json'


PHP - version
Copy to clipboard
<?php $url = 'https://example.com/api/version'; $headers = ['Accept: application/json']; $ch = curl_init($url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_HTTPHEADER, $headers); $response = curl_exec($ch); if (curl_errno($ch)) { $error_msg = curl_error($ch); echo 'Error: ' . $error_msg; } else { $http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE); if ($http_code === 200) { $data = json_decode($response, true); print_r($data); } else { echo 'Error: HTTP status code ' . $http_code; } } curl_close($ch); ?>


PHP - version
Copy to clipboard
fetch('https://example.com/api/version', { method: 'GET', headers: { 'Accept': 'application/json' } }) .then(res => { if (!res.ok) throw new Error("HTTP " + res.status); return res.json(); }) .then(data => { console.log(data); }) .catch(err => { console.log('Fetch error: ' + err.message); });


response - version
Copy to clipboard
{ "version": "30.0vcs" }


Parameters


No parameters.

Show PHP error messages