OAuth is a widely adopted protocol for securing API access by clients. It enables a client to access protected resources on behalf of a user, without the need for the user to share their credentials with the client. OAuth also provides a framework for granting and revoking access to resources, making it a secure and flexible solution for API access.

In this article, we will discuss how a client can implement the OAuth flow to access the tinyEmail API. We will cover the OAuth 2.0 protocol, which is the most widely used version of OAuth. It involves:

  1. Registering the application and obtaining a client ID and secret.
    Currently, this can be done through our support channel: [email protected] or In-app Chat.
    For this, you have to submit your account email and redirect URI. As a result, your client will be set up with these parameters:
    YOUR_CLIENT_ID
    YOUR_CLIENT_SECRET
    YOUR_CLIENT_REDIRECT_URI
  2. Redirecting the user to our authorization URL (https://api.tinyemail.com/api/authorization-server/oauth/authorize) to grant access and receive an authorization code.
    https://api.tinyemail.com/api/authorization-server/oauth/authorize?grant_type=authorization_code&response_type=code&client_id=YOUR_CLIENT_ID&redirect_uri=YOUR_CLIENT_REDIRECT_URI&scope=<access_scopes>
  3. Exchanging the authorization code for an access token using our access token URL (https://api.tinyemail.com/api/authorization-server/oauth/token).
    POST https://api.tinyemail.com/api/authorization-server/oauth/token?response_type=token&client_id=YOUR_CLIENT_ID&client_secret=YOUR_CLIENT_SECRET&code=<your_verification_code>&redirect_uri=YOUR_CLIENT_REDIRECT_URI&grant_type=authorization_code
  4. Using the access token to authenticate requests to our API by including it in the Authorization header.
  5. You can now use that access token in the header of your API requests as follows:
    Authorization: Bearer 822bbf7cd12243df...
  6. If necessary, refreshing the access token using our refresh token URL (https://api.tinyemail.com/api/authorization-server/oauth/token).
    POST https://api.tinyemail.com/api/authorization-server/oauth/token?grant_type=refresh_token&refresh_token=YOUR_CLIENT_REFRESH_TOKEN&client_id=YOUR_CLIENT_ID&client_secret=YOUR_CLIENT_SECRET

Following these steps will enable clients to securely access our API without requiring users to share their credentials.
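
The following Python sketch is an added example, not tinyEmail's own code. It covers steps 2 and 3 from the client side: building the authorization URL, validating the redirect back to the client, and preparing the token request. The function names, the `client.example` redirect URI used for testing, and the `state` parameter are assumptions; `state` is the standard OAuth 2.0 anti-CSRF value (RFC 6749), and the sketch assumes the authorization server returns it unchanged.

```python
import hmac
import secrets
import urllib.request
from urllib.parse import urlencode, urlparse, parse_qs

AUTHORIZE_URL = "https://api.tinyemail.com/api/authorization-server/oauth/authorize"
TOKEN_URL = "https://api.tinyemail.com/api/authorization-server/oauth/token"


def build_authorize_url(client_id, redirect_uri, scope):
    """Step 2: return (url, state). Store state in the user's session."""
    # Assumption: the server echoes `state` back on the redirect (RFC 6749).
    state = secrets.token_urlsafe(32)
    query = urlencode({
        "grant_type": "authorization_code",
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": scope,
        "state": state,
    })
    return f"{AUTHORIZE_URL}?{query}", state


def code_from_callback(callback_url, expected_state):
    """Check the redirect belongs to this session, then return the code."""
    params = parse_qs(urlparse(callback_url).query)
    returned = params.get("state", [""])[0]
    if not hmac.compare_digest(returned.encode(), expected_state.encode()):
        raise ValueError("state mismatch: callback is not from this session")
    codes = params.get("code", [])
    if len(codes) != 1:
        raise ValueError("expected exactly one code parameter")
    return codes[0]


def build_token_request(client_id, client_secret, code, redirect_uri):
    """Step 3: build (not send) the POST that exchanges the code for a token."""
    query = urlencode({
        "response_type": "token",
        "client_id": client_id,
        "client_secret": client_secret,
        "code": code,
        "redirect_uri": redirect_uri,
        "grant_type": "authorization_code",
    })
    # The secret travels in the URL here, so keep this URL out of logs.
    return urllib.request.Request(f"{TOKEN_URL}?{query}", data=b"", method="POST")
```

Pass the returned request to `urllib.request.urlopen` from server-side code only, so that the client secret never reaches a browser or mobile client.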

Scopes

| Name | Description |
| --- | --- |
| import_customers | Allow API to create/update/get customer resources |