SoFurry uses OAuth 2.0 to provide authorized access to its API.
- Users are not required to share their passwords with 3rd party applications, increasing account security.
- A wealth of client libraries and example code are compatible with SoFurry's OAuth implementation.
- Using OAuth is easy for both users and developers. All a user has to do to grant access to a certain application is to klick on the "Authorize" button on SoFurry when asked.
Authorization types (Grant types)
SoFurry supports multiple grant types:
- Authorization code
- Client credentials
- User credentials
Though, to provide better security, only the "Authorization code" and "Client credential" type can be used by 3rd-party developers.
Furthermore, SoFurry also supports refresh tokens.
For a complete tutorial on how to connect to the SF API, look here. (Link pending)
SoFurry and OAuth 2.0
The SoFurry OAuth endpoints can be reached under:
- Authorization endpoint (Auth server): http://www.sofurry.com/auth/authorize
- Token endpoint (Auth server): http://www.sofurry.com/auth/token
The resource server URLs (for API v3) can be found here: SoFurry API calls
Authorization code request flow