Overview
Rate Limiting
Translations
Authentication
Project followers
Authentication
Extensions
List followers
Lists
Message reactions
Messages
OAuth2
Organization Extensions
Organization Integrations
Organization people
Organizations
Project People
Projects
Tags
Task attachments
Task checklist
Task followers
Task people
Task tags
Tasks
User Notifications
User Statuses
Users
Notifications
ViewSettings
LinkedViewSettings
Activities
Models
Powered by Stoplight

OAuth2 is used to authorize requests in HeySpace API. You can create your own OAuth application under Settings > Developer Console. Client Id and secret will be generated for your app. Do not share your client secret with anyone. You can also invite collaborators to your app.

HeySpace Developer Console

HeySpace supports Authorization Code and Implicit grant types.

Scopes are subject to change to be more granular in future.

In order to authorize with OAuth2 you should follow this steps:

  1. Redirect user to https://app.hey.space/oauth/authorize?client_id=<client_id>&redirect_uri=<redirect_uri>&scope=heyspace&response_type=code&state=<optional>

An optional state parameter should be included in all requests to protect against Cross-site request forgery (CSRF) attacks.

redirect_uri is mendatory to let know our server where to put access token. If you are testing OAuth2 flow in this site, set your Redirect uris in Developer Console to: https://heyspace.docs.stoplight.io/oauth/callback/success

All of this query parameters must match with those specified in your App settings.

  1. User will be prompted to grant permissions for your App in HeySpace. Once accepted, user will be redirected to redirect_uri:

https://example.com?state=<state>&code=<authorization_code>

  1. Using authorization_code in Get access token endpoint request you can exchange access_token and attach it as Authorization: Bearer <access_token> header.