Enterprise Feature
This feature is only available to customers with an enterprise Platform subscription. Please get in touch to discuss enabling it on your account.
To enable OAuth 2.0, developers need to register an OAuth client Platform resource for their application. An OAuth client resource represents any web-based or native application that will interact with the platform on behalf of the Application User, using their API key.

The EVRYTHNG Platform allows registration of multiple OAuth clients for the application. The registration process requires a redirect URL where users will be directed after allowing or declining access for the application.

Each successfully registered client is granted unique credentials. As long as the platform supports only Implicit Grant authorization flow, the client ID is the only part of the credentials that is needed to obtain the Application User access token.

API Status
General Availability:
`/projects/:projectId/applications/:applicationId/oauthClients`
`/projects/:projectId/applications/:applicationId/oauthClients/:clientId`
`auth.evrythng.com/oauth/authorize`

OAuthClientDocument Data Model

Create an OAuth Client

Registers a new OAuth client granted with unique client ID.

Read All OAuth Clients

Returns an array of OAuth clients.

Read an OAuth Client

Reads the OAuth client.

Update an OAuth Client

Updates the OAuth client. As soon as the redirect URL is modified, the old URL is not used for users redirection.

Delete an OAuth Client

Delete the OAuth client. After the client is removed, it is not allowed to obtain the Application User access token anymore.

OAuth Authorize

Third party applications can use OAuth 2.0 to authenticate their EVRYTHNG users.

Application owners set up an OAuth client (see above) and receive a clientId. They can then obtain a user token by performing OAuth 2.0 implicit grant type flow, as defined in RFC 6749 specification.

Once the users are authenticated and have agreed to give access to their account, their Application User API key is returned to User Agent using a redirection mechanism.

The client application can use it to interact with the EVRYTHNG API.

OAuth Client Authorize Request

Request a user token using an existing OAuth Client.

Query Parameters

client_id - Ref, Required
ID of the registered OAuth client.
response_type - String, Required
OAuth 2.0 grant type. Only token is supported.
redirect_uri - URI
Possible override of the default redirectUrl defined in the OAuth client object. Only the query string of the URI can be overridden. Any non matching URI will be rejected.
state - String
A custom value forwarded without transformation in the fragment of the redirect response. Recommended to prevent a Cross-Site Request Forgery.

Response Parameters (in fragment)

access_token - API Key
The User API key.
token_type - String
Fixed value: apikey.
state - String
If present in the request, the same value is returned here.
error - String
In case of an unsuccessful (but valid) request, the reason of the failure is returned here.

In case the users refuse to give access to their data, the fragment contains an error=access_denied parameter instead of the access_token. The state parameter is forwarded as-is in all cases: