OAuth2 API Reference (1.0)


OAuth2 is a protocol that enables an application to access the Cloud BOT platform on behalf of a user.

Cloud BOT provides part of its API in line with The OAuth 2.0 Authorization Framework RFC.
To use the Cloud BOT OAuth2 authorization function, it is essential to understand the OAuth2 Authorization Code Flow. Please refer to RFC section 4.1, Authorization Code Grant.

This document is a reference for the authorization server API endpoints used in the OAuth2 Authorization Code Flow.

Authorization request

When your application asks the user for authorization to access Cloud BOT, redirect the user to this endpoint. The authorization request screen is then shown to the user.

When the user allows or denies the request on the authorization request screen, the user is redirected to the redirect_uri URL.
The following parameters are appended to it.
code: Authorization Code
state: State String
(error: Only when the user denies authorization)
https://yourdomain/callback?code={authorization code}&state={State String}

Please issue an access token using the obtained authorization code.

query Parameters
client_id
required
integer

The ID that identifies your application.
Please issue it from Cloud BOT Dashboard > For Developers > My Apps.

redirect_uri
required
string

The same URL as the redirect_uri registered in My Apps.
The user is redirected to this URL after allowing the authorization request.

response_type
required
string
Value: "code"

Fixed to "code" (the authorization code flow is required)

scope
required
string

The authorities for which authorization is requested.
Specify the following authority strings separated by spaces (in a URL, by +).
execute: execution
refer: reference
suspend: suspension

state
string

We recommend using the state string.
It is essential to understand why the state string is required.
Please refer to RFC section 4.1.1, Authorization Request, and handle the state string properly.

Responses

Response samples

Content type
text/html
No sample

Issuing and refreshing access tokens

Issue an access token by using the authorization code.
You can also refresh the access token by using the refresh token.

The issued access token is valid for all the BOTs that the authorizing user can access, including BOTs owned by other contracts the user has been invited to.

Request Body schema: application/x-www-form-urlencoded
grant_type
required
string
Enum: "authorization_code" "refresh_token"

authorization_code: Issuing access token
refresh_token: Refresh access token

client_id
required
integer

The ID that identifies your application.
Please issue it from Cloud BOT Dashboard > For Developers > My Apps.

client_secret
required
string

The secret issued in My Apps.

redirect_uri
string

The same URL as the redirect_uri registered in My Apps
Required when grant_type is authorization_code

code
string

Authorization Code
Required when grant_type is authorization_code

refresh_token
string

Refresh Token
Required when grant_type is refresh_token

Responses

Response samples

Content type
application/json
{
  "username": "user@example.com",
  "token_type": "Bearer",
  "expires_in": 31536000,
  "access_token": "string",
  "refresh_token": "string"
}
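
The client side of the authorization request, the redirect_uri callback and the token request described above, as an added example (not code from Cloud BOT). The endpoint URL is a placeholder because this page does not list it, and the function names are hypothetical.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Placeholder (assumption): take the real endpoint URL from the OpenAPI specification.
AUTHORIZE_ENDPOINT = "https://authorization-server.example/authorize"
ALLOWED_SCOPES = {"execute", "refer", "suspend"}


def build_authorization_url(client_id, redirect_uri, scopes):
    """Return (url, state); keep state in the user's server-side session."""
    unknown = set(scopes) - ALLOWED_SCOPES
    if unknown:
        raise ValueError(f"unsupported scope(s): {sorted(unknown)}")
    state = secrets.token_urlsafe(32)  # unguessable, one per authorization attempt
    query = urlencode({
        "client_id": client_id,
        "redirect_uri": redirect_uri,  # must match the URL registered in My Apps
        "response_type": "code",
        "scope": " ".join(scopes),  # urlencode turns the space into "+"
        "state": state,
    })
    return f"{AUTHORIZE_ENDPOINT}?{query}", state


def extract_code(callback_url, expected_state):
    """Validate the redirect to redirect_uri and return the authorization code."""
    params = parse_qs(urlsplit(callback_url).query)
    returned = params.get("state", [""])[0]
    # Check state first: a mismatch means the response is not for this session.
    if not expected_state or not hmac.compare_digest(returned.encode(), expected_state.encode()):
        raise PermissionError("state mismatch")
    if "error" in params:  # present only when the user denied authorization
        raise PermissionError(f"authorization denied: {params['error'][0]}")
    codes = params.get("code", [])
    if len(codes) != 1:
        raise ValueError("expected exactly one code parameter")
    return codes[0]


def token_request_body(client_id, client_secret, redirect_uri, code):
    """application/x-www-form-urlencoded body for grant_type=authorization_code."""
    return urlencode({
        "grant_type": "authorization_code",
        "client_id": client_id,
        "client_secret": client_secret,  # server-side only; never ship to a browser
        "redirect_uri": redirect_uri,
        "code": code,
    })
```

Discard the stored state after one use so a replayed callback fails the comparison.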