History: Api Oauth Doc
Source of version: 3 (current)
Copy to clipboard
{DIV(class="content-section" id="oauth-public-key")}
!! Get Tiki OAuth server public key
Get Tiki OAuth server public key used to verify JWT access tokens
{TABS(name="dochome" tabs="Request URL | cURL | PHP | JavaScript | Response" toggle="y" inside_pretty="n")}
{CODE(caption="Request URL - oauth/public-key" colors="http" theme="default")}https://example.com/api/oauth/public-key{CODE}
/////
{DIV()}
{CODE(caption="cURL - oauth/public-key" colors="http" theme="default")}
curl -X 'GET' \
'https://example.com/api/oauth/public-key' \
-H 'accept: application/json'
{CODE}
{DIV}
/////
{DIV()}
{CODE(caption="PHP - oauth/public-key" colors="php" theme="ambiance" colors="php")}
<?php
$url = 'https://example.com/api/oauth/public-key';
$headers = [
'Accept: application/json'
];
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
$response = curl_exec($ch);
if (curl_errno($ch)) {
$error_msg = curl_error($ch);
echo 'Error: ' . $error_msg;
} else {
$http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
if ($http_code === 200) {
$data = json_decode($response, true);
print_r($data);
} else {
echo 'Error: HTTP status code ' . $http_code;
}
}
curl_close($ch);
?>
{CODE}
{DIV}
/////
{DIV()}
{CODE(caption="Javascript - oauth/public-key" colors="javascript" theme="ambiance" colors="javascript")}
fetch('https://example.com/api/oauth/public-key', {
method: 'GET',
headers: {
'Accept': 'application/json'
}
})
.then(res => {
if (!res.ok) throw new Error("HTTP " + res.status);
return res.json();
})
.then(data => {
console.log(data);
})
.catch(err => {
console.log('Fetch error: ' + err.message);
});
{CODE}
{DIV}
/////
{DIV()}
{CODE(caption="response - oauth/public-key" colors="javascript" theme="ambiance" colors="javascript")}
{
"key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1dFZXhXcEbNxGN4QkkzL\njYkSLyt5c/Jx/V9DvkxOha3A5dJVAtgwExGqA5A3r1A1KmCrqr9OyuVmdjaDM1Vj\nayR8HaZH5g0Ih0n1tUlvHwuCAX+myWkTcEs+tpZ71xcoxo/B9k/FihW5iie4SNCB\nFDMNU9cYToXRjVeOPRHD9nqzHt706WCgSD9mHZnMBSR7sJ1tMjBXrrKzUjcGwPwF\nokoK0JbqRIceewV/ceKBSpR0le502ys88X16G/7gMxxkbRKUDmrEr6draMDiT3S8\nsv7zUDqgnXf76nzeemtjjAYmXFxIV4XPgZLEq1YA5u2no9WijLrNePttORNf4djx\nJwIDAQAB\n-----END PUBLIC KEY-----\n"
}
{CODE}
{DIV}
{TABS}
!!! Parameters
No parameters.
{DIV}
{DIV(id="oauth-authorize" class="content-section d-none")}
!!! Authorize endpoint used with Authorization Code Grant flow
Authorize endpoint used with Authorization Code Grant flow. Send your target users here to start the authorization flow - this will request users to authenticate in Tiki and then send back a short-lived code to the redirect uri that you can exchange then for an access token.
{TABS(name="docauth" tabs="Request URL| cURL | PHP | JavaScript | Response" toggle="y" inside_pretty="n")}
{DIV()}
{CODE(caption="Request URL- oauth/authorize" colors="http" theme="default")}https://example.com/api/oauth/authorize{CODE}
{DIV}
/////
{DIV()}
{CODE(caption="cURL - oauth/authorize" colors="http" theme="default")}
curl -X 'GET' \
'http://example.com/api/oauth/authorize?response_type=code&client_id=4bad4fe93f6b4b49a5d97947473857a4&redirect_uri=http://example.com/tracker4' \
-H 'accept: application/json'
{CODE}
{DIV}
/////
{DIV()}
{CODE(caption="PHP - oauth/authorize" colors="php" theme="default" ln="1")}
<?php
$url = 'https://example.com/api/oauth/authorize?' . http_build_query([
'response_type' => 'code',
'client_id' => '4bad4fe93f6b4b49a5d97947473857a4',
'redirect_uri' => 'https://example.com/tracker4',
]);
$headers = ['Accept: application/json'];
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
$response = curl_exec($ch);
$php_output = '';
if (curl_errno($ch)) {
$error_msg = curl_error($ch);
echo 'Error: ' . $error_msg;
} else {
$http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
if ($http_code === 200) {
$data = json_decode($response, true);
print_r($data);
} else {
echo 'Error: HTTP status code ' . $http_code;
}
}
curl_close($ch);
?>
{CODE}
{DIV}
/////
{DIV()}
{CODE(caption="JavaScript - oauth/authorize" colors="javascript" theme="default")}
const params = new URLSearchParams({
response_type: 'code',
client_id: '4bad4fe93f6b4b49a5d97947473857a4',
redirect_uri: 'https://example.com/tracker4'
});
fetch('http://example.com/api/oauth/authorize?' + params.toString(), {
method: 'GET',
headers: {
'Accept': 'application/json'
}
})
.then(res => {
if (!res.ok) throw new Error("HTTP " + res.status);
return res.json();
})
.then(data => {
console.log(data);
})
.catch(err => {
console.log('Fetch error: ' + err.message);
});
{CODE}
{DIV}
/////
{DIV()}
{CODE(caption="response - oauth/authorize" colors="javascript" theme="default")}
{
"code": "string",
"state": "string"
}
{CODE}
{DIV}
{TABS}
!!!! Parameters
* __response_type__ ''string'' ~~#fe0000:*~~: Should always be: code
* __client_id__ ''string'' ~~#fe0000:*~~: Your application client id generated by the Tiki OAuth server.
* __redirect_uri__ ''string'' ~~#fe0000:*~~: Where should the user be redirected back when they authorize in Tiki. This should be an URL on your site to read back the generated code and exchange it for an access token.
* __scope__ ''string'' ''Optional'': A space delimited list of scopes. This is optional.
* __state__ ''string'' ''Optional'': Random string used as a CSRF value. You should compare the state value retrieved with the access token to this one.
{DIV}
{DIV(id="oauth-access_token" class="content-section d-none")}
!!! Get Tiki Access Token
Retrieve a fresh access token for API access. Depending on the grant type you use, different parameters are required. Client Credentials grant type requires you to send a client secret. Authorization Code grant type requires you to send a code generated by the authorize endpoint. Refresh Token grant type requires you to send your valid refresh token.
{TABS(name="docaccess" tabs="Request URL | cURL | PHP | JavaScript | Response" toggle="y" inside_pretty="n")}
{DIV()}
{CODE(caption="Request URL - oauth/authorize" colors="http" theme="default")}
https://example.com/api/oauth/access_token
{CODE}
{DIV}
/////
{DIV()}
{CODE(caption="cURL - /oauth/access_token" colors="http" theme="default")}
curl -X 'GET' \
'http://example.com/api/oauth/access_token? grant_type=client_credentials&client_id=4bad4fe93f6b4b49a5d97947473857a4&client_secret=312104ad686. 1eed0f6fc4647be1ba31cf2b5722521246d3705233ce5e1b82784' \
-H 'accept: application/json'
{CODE}
{DIV}
/////
{DIV()}
{CODE(caption="PHP - /oauth/access_token" colors="php" theme="ambiance")}
<?php
$url = 'http://example.com/api/oauth/access_token?' . http_build_query([
'grant_type' => 'client_credentials',
'client_id' => '4bad4fe93f6b4b49a5d97947473857a4',
'client_secret' => '312104ad6861eed0f6fc4647be1ba31cf2b5722521246d3705233ce5e1b82784'
]);
$headers = ['Accept: application/json'];
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
$response = curl_exec($ch);
if (curl_errno($ch)) {
$error_msg = curl_error($ch);
echo 'Error: ' . $error_msg;
} else {
$http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
if ($http_code === 200) {
$data = json_decode($response, true);
print_r($data);
} else {
echo 'Error: HTTP status code ' . $http_code;
}
}
curl_close($ch);
?>
{CODE}
{DIV}
/////
{DIV()}
{CODE(caption="PHP - /oauth/access_token" colors="javascript" theme="ambiance")}
const params = new URLSearchParams({
grant_type: 'client_credentials',
client_id: '4bad4fe93f6b4b49a5d97947473857a4',
client_secret: '312104ad6861eed0f6fc4647be1ba31cf2b5722521246d3705233ce5e1b82784'
});
fetch('http://example.com/api/oauth/access_token?' + params.toString(), {
method: 'GET',
headers: {
'Accept': 'application/json'
}
})
.then(res => {
if (!res.ok) throw new Error("HTTP " + res.status);
return res.json();
})
.then(data => {
console.log(data);
})
.catch(err => {
console.log('Fetch error: ' + err.message);
});
{CODE}
{DIV}
/////
{DIV()}
{CODE(caption="response - oauth/access_token" colors="javascript" theme="default")}
{
"token_type": "Bearer",
"expires_in": 3600,
"access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJhdWQiOiI0YmFkNGZlOTNmNmI0YjQ5YTVkOTc5NDc0NzM4NTdhNCIsImp0aSI6ImQzZmM3ZGE2NmQ5MjQ5MzNjNWNmODJmNzg3YjdkYmQ3NTE1YTMwYTA3ZDA5ZjE2ODkxZThhMGM1NDE1MDIzZjViYjEwOGFjZmIyMjQzM2I3IiwiaWF0IjoxNzU0MDc5NjY2LjQ4MDIzLCJuYmYiOjE3NTQwNzk2NjYuNDgwMjM0LCJleHAiOjE3NTQwODMyNjYuNDc3NjYxLCJzdWIiOiIiLCJzY29wZXMiOltdfQ.PUBuLfJcpLCNxzqifrJ6CAUFTdRDXkmW9X3QqSuFadGX6UNNXnVIk7fx6zhG-uMDs-tIH4Sk0HEav6sBKzi-c4stMMBcTl-3hUt5I2iy3eMlT27w7x1ExScXnn5NBHr-JtIwnng6b91uoMsfd9RQb5PuMVyL7GMQoLqk_ox5mqOnFYSyLxEoNdQE4OFY7stbwPB8x_w0vPx43gb46iFWygJtpVJNmWjQ4DQJUHgz-Mkwl-2fIO6_apmTcRXmCbMfSThbs3lqe-5nhkSCnKTQUcWNHBL-Jxt5r70Y-pht9hqT-GItzPvIDMGP8rXhf2a2IxlWmlIKLEX4rotDjb32UA"
}
{CODE}
{DIV}
{TABS}
!!!! Parameters
* __grant_type__ ''string'' ~~#fe0000:*~~: One of: client_credentials, authorization_code, refresh_token
* __client_id__ ''string'' ~~#fe0000:*~~: Your application client id generated by the Tiki OAuth server.
* __client_secret__ ''string'' ~~#fe0000:*~~: Your application client secret generated by the Tiki OAuth server.
* __scope__ ''string'' ''Optional'': A space delimited list of scopes. Valid with __client_credentials__ or __refresh_token__ grant type.
* __refresh_token__ ''string'' ''Optional'': Your refresh token. Use to renew an expired access token and get a new refresh token.
* __code__ ''string'' ''Optional'': Required if authorization_code grant is used. Retrive this code by sending the user to authorize endpoint first.
* __redirect_uri__ ''string'' ''Optional'': Should be the same redirect uri you used in authorize endpoint.
{DIV}
{DIV(id="version" class="content-section d-none")}
!!! Get current Tiki API version
{TABS(name="docversion" tabs="Request URL | cURL | PHP | JavaScript | Response" toggle="y" inside_pretty="n")}
{DIV()}
{CODE(caption="Request URL - version" colors="http" theme="default")}https://example.com/api/version{CODE}
{DIV}
/////
{DIV()}
{CODE(caption="cURL - version" colors="http" theme="default")}
curl -X 'GET' \
'https://example.com/api/version' \
-H 'accept: application/json'
{CODE}
{DIV}
/////
{DIV()}
{CODE(caption="PHP - version" colors="php" theme="ambiance")}
<?php
$url = 'https://example.com/api/version';
$headers = ['Accept: application/json'];
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
$response = curl_exec($ch);
if (curl_errno($ch)) {
$error_msg = curl_error($ch);
echo 'Error: ' . $error_msg;
} else {
$http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
if ($http_code === 200) {
$data = json_decode($response, true);
print_r($data);
} else {
echo 'Error: HTTP status code ' . $http_code;
}
}
curl_close($ch);
?>
{CODE}
{DIV}
/////
{DIV()}
{CODE(caption="PHP - version" colors="javascript" theme="ambiance")}
fetch('https://example.com/api/version', {
method: 'GET',
headers: {
'Accept': 'application/json'
}
})
.then(res => {
if (!res.ok) throw new Error("HTTP " + res.status);
return res.json();
})
.then(data => {
console.log(data);
})
.catch(err => {
console.log('Fetch error: ' + err.message);
});
{CODE}
{DIV}
/////
{DIV()}
{CODE(caption="response - version" colors="javascript" theme="default")}
{
"version": "30.0vcs"
}
{CODE}
{DIV}
{TABS}
!!!! Parameters
No parameters.
{DIV}