OAuth2 is used to authorize requests in the HeySpace API. You can create your own OAuth application under Settings > Developer Console. A client ID and secret will be generated for your app. Do not share your client secret with anyone. You can also invite collaborators to your app.
HeySpace supports Authorization Code and Implicit grant types.
Scopes are subject to change to become more granular in the future.
To authorize with OAuth2, follow these steps:
- Redirect the user to
https://app.hey.space/oauth/authorize?client_id=<client_id>&redirect_uri=<redirect_uri>&scope=heyspace&response_type=code&state=<optional>
An optional state parameter should be included in all requests to protect against Cross-site request forgery (CSRF) attacks.
redirect_uri is mandatory: it tells our server where to put the access token. If you are testing the OAuth2 flow on this site, set your Redirect uris in Developer Console to: https://heyspace.docs.stoplight.io/oauth/callback/success
All of these query parameters must match those specified in your App settings.
- The user will be prompted to grant permissions for your App in HeySpace. Once accepted, the user will be redirected to redirect_uri:
https://example.com?state=<state>&code=<authorization_code>
- Use the authorization_code in a request to the Get access token endpoint to exchange it for an access_token, then attach the token to your API requests as the
Authorization: Bearer <access_token>
header.
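
The client side of the steps above, as an added example (not HeySpace's own code): it builds the authorize URL with a random state, checks the state on the callback before accepting the code, and formats the bearer header. The function names are assumptions made for illustration, and the token exchange itself is left out because this page does not give the Get access token endpoint URL.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Authorization endpoint and fixed parameters as given on this page.
AUTHORIZE_URL = "https://app.hey.space/oauth/authorize"


def build_authorize_url(client_id, redirect_uri):
    """Return (url, state). Keep state in the user's server-side session."""
    # An unguessable, single-use value ties the callback to this browser session.
    state = secrets.token_urlsafe(32)
    query = urlencode({
        "client_id": client_id,
        "redirect_uri": redirect_uri,  # must match the app's settings
        "scope": "heyspace",
        "response_type": "code",
        "state": state,
    })
    return f"{AUTHORIZE_URL}?{query}", state


def extract_code(callback_url, expected_state):
    """Return the authorization code, or raise ValueError if the callback is not ours."""
    params = parse_qs(urlsplit(callback_url).query)
    states = params.get("state", [])
    codes = params.get("code", [])
    # Reject missing or repeated parameters instead of picking one of them.
    if len(states) != 1 or len(codes) != 1:
        raise ValueError("callback must carry exactly one state and one code")
    # Constant-time comparison against the value stored for this session.
    if not hmac.compare_digest(states[0].encode(), expected_state.encode()):
        raise ValueError("state mismatch: discard the code (possible CSRF)")
    return codes[0]


def bearer_header(access_token):
    """Header to attach to API requests once the code has been exchanged."""
    return {"Authorization": f"Bearer {access_token}"}


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    url, state = build_authorize_url("my-client-id", "https://example.com")
    print(url)
    print(extract_code(f"https://example.com?state={state}&code=sample-code", state))
```

Discard the stored state after one callback so a replayed redirect fails the check.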