Pavlok API

Reference for using the Pavlok API through OAuth2.

Using OAuth

You can use OAuth to interact with the Pavlok API on behalf of an user within your application. To make use of that, you'll need to do the following steps.

Register on Pavlok

First create an account on Pavlok.

Register your application

Then you'll need to register your application, providing a name and a redirect URI callback. You'll get back a client id and client secret to use down the road.

Authorize your application

Now suppose you want to interact with the Pavlok API on behalf of John. To do that redirect John to the following url: http://pavlok-mvp.herokuapp.com/oauth/authorize?client_id=[id]&redirect_uri=[uri]&response_type=code
- client_id: your client id when you registered the application
- redirect_uri: your redirect URI when you registered the application (must be the same)

Get the token

Suppose the previous redirect_uri was http://yourdomain.com/auth/callback. After the authorization has been done by John, it'll get redirected to your callback with a code, ex: http://yourdomain.com/auth/callback?code=123456789.
Within your callback handler, you'll have to grab that code and ask for John's token by making a POST to /oauth/token. Ex:

              POST http://pavlok-mvp.herokuapp.com/oauth/token
              
                {
                  "client_id": "[your client id]",
                  "client_secret": "[your client secret]",
                  "code": "123456789",
                  "grant_type": "authorization_code",
                  "redirect_uri": "[your redirect uri]"
                }
              
            

You'll get in return John's access_token to use on the secured API calls on behalf of John.