OAuth 
Web Application Flow
This is a description of the OAuth2 flow from 3rd party web sites.
Redirect users to request Sharesome access
GET http://sharesome.com/oauth/authorizeParameters
| Name | Type | Description |
|---|---|---|
client_id |
string |
Required. The client ID you received from Sharesome when you added new application. |
response_type |
string |
Required. At the moment the only available grant is Authorisation code grant: code. |
redirect_uri |
string |
The URL in your app where users will be sent after authorization. See details below about redirect urls. |
scope |
string |
A comma separated list of scopes. If not provided, scope defaults to basic scope. For users who do already have a valid token for the app, the user won’t be shown the OAuth authorization page with the list of scopes. Instead, this step of the flow will automatically complete with the same scopes that were used last time the user completed the flow. |
state |
string |
An unguessable random string. It is used to protect against cross-site request forgery attacks. |
Sharesome redirects back to your site
If the user accepts your request, Sharesome redirects back to your site
with a temporary code in a code parameter as well as the state you provided in
the previous step in a state parameter. If the states don’t match, the request
has been created by a third party and the process should be aborted.
Exchange this for an access token:
POST http://sharesome.com/oauth/access_tokenParameters
| Name | Type | Description |
|---|---|---|
client_id |
string |
Required. The client ID you received from Sharesome when you added new application. |
client_secret |
string |
Required. The client secret you received from Sharesome when you added new application. |
code |
string |
Required. The code you received as a response to Step 1. |
grant_type |
string |
Required. At the moment the only available grant type is Authorisation code grant: authorization_code. |
redirect_uri |
string |
The URL in your app where users will be sent after authorization. See details below about redirect urls. |
Response
By default, the response will be a JSON string and will take the following form:
{
"access_token": "MCJMTET33XMyE43XN5DciFSJo0IfeJXOW66SN5oS",
"token_type": "bearer",
"expires": 1435575934,
"expires_in": 3600,
"refresh_token": "ceZdkqNc4tetzTInbyXrD3ptHxJMsgdp5ZbjxplI"
}Use the access token to access the API
The access token allows you to make requests to the Sharesome API on a behalf of a user.
GET http://sharesome.com/api/v1/user?access_token=...You can pass the token in the query params like shown above, but a cleaner approach is to include it in the Authorization header
Authorization: Bearer OAUTH-TOKENError responses
If the request is incorect or the user rejects access to your application, Sharesome will redirect to the registered callback URL with the following JSON response summarizing the error:
| Name | Type | Description |
|---|---|---|
error |
string |
The error type |
error_description |
string |
The detailed description of the error. |
Check out our Sharesome SDK for PHP for a easy integration with your PHP project.