Setting up OAuth authorization for your plugins
This guide walks you through the endpoints required for plugin authorization. For more details on setting up app authorization flows as a whole, check out our app authentication guide here.
For OAuth, you’ll need to support 4 endpoints:
The endpoints must accept the requests outlined below and return responses minimally matching the outlined response shapes (additional attributes can be returned but we require at least what appears in these docs).
The redirect URI we’ll use for all of our requests will be https://app.kit.com/apps/install.
We’ll use Bearer Authorization to include the user’s access token on all the requests we make to your endpoints.
We will start the OAuth process by making a GET request to your provided authorization URL:
Query Parameters
Code samples
Responses
302: Redirects to https://app.kit.com/apps with authorization code parameter
We will then exchange the returned authorization code for a new access token by making a POST to your configured token URL, with a body like so:
Query Parameters
Response schema: application/json
Your plugin’s configured Client ID
Your plugin’s configured Client Secret
authorization_code
The code received via the redirect URI query params
https://app.kit.com/apps
Code samples
Responses
200: Returns a token
Response schema: application/json
Access token for a user in the plugin app’s system
When the access token expires, in seconds
Refresh token that can be used to generate a new access token once this one expires
When the access token was created
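A sketch of the token endpoint's checks on your side, added here as an example and not taken from Kit's documentation or code. The request field names (`client_id`, `client_secret`, `grant_type`, `code`, `redirect_uri`), the response field names (`access_token`, `expires_in`, `refresh_token`, `created_at`) and the error names are assumptions based on standard OAuth 2.0 usage, since this page does not list them; the lifetimes and sample credentials are constructed.

```python
import hmac
import secrets
import time

# From the page: the redirect URI Kit uses for all of its requests.
KIT_REDIRECT_URI = "https://app.kit.com/apps/install"
ACCESS_TTL = 3600   # assumed access-token lifetime, in seconds
CODE_TTL = 60       # assumed authorization-code lifetime, in seconds
# Constructed sample data; a real service keeps these in a database.
CLIENTS = {"kit-plugin-client": "constructed-client-secret"}
CODES = {}     # authorization code -> {"client_id", "user", "issued"}
REFRESH = {}   # refresh token -> user


def issue_code(client_id, user, now=None):
    """Called by the authorization endpoint just before it redirects to Kit."""
    code = secrets.token_urlsafe(32)
    CODES[code] = {"client_id": client_id, "user": user,
                   "issued": time.time() if now is None else now}
    return code


def exchange_code(form, now=None):
    """Token endpoint: validate the POST body and return (status, json_body)."""
    now = time.time() if now is None else now
    client_id = form.get("client_id", "")
    expected = CLIENTS.get(client_id, "")
    supplied = form.get("client_secret", "")
    # Constant-time secret comparison; unknown client IDs get the same error.
    if not expected or not hmac.compare_digest(expected.encode(), supplied.encode()):
        return 401, {"error": "invalid_client"}
    if form.get("grant_type") != "authorization_code":
        return 400, {"error": "unsupported_grant_type"}
    if form.get("redirect_uri") != KIT_REDIRECT_URI:  # exact match, no prefix matching
        return 400, {"error": "invalid_grant"}
    grant = CODES.pop(form.get("code", ""), None)     # pop makes the code single-use
    if (grant is None or grant["client_id"] != client_id
            or now - grant["issued"] > CODE_TTL):
        return 400, {"error": "invalid_grant"}
    access, refresh = secrets.token_urlsafe(32), secrets.token_urlsafe(32)
    REFRESH[refresh] = grant["user"]                  # looked up later by the refresh endpoint
    return 200, {"access_token": access, "expires_in": ACCESS_TTL,
                 "refresh_token": refresh, "created_at": int(now)}
```

The client check runs before the code is consumed, so a request with a wrong secret or redirect URI cannot burn a valid code, while a second use of the same code always fails.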
When the previous access token expires, we will request a new access token by making a POST to your configured refresh token URL, with a body like so:
Query Parameters
Code samples
Responses
200: Returns a token
Response schema: application/json
Access token for a user in the plugin app’s system
When the access token expires, in seconds
Refresh token that can be used to generate a new access token once this one expires
When the access token was created
When your app is uninstalled by a creator, we will make a POST request to your revoke token URL, with a body like so:
Query Parameters
Code samples
Responses
200: OK
To set OAuth up for your app, go to the “Authentication” tab on your app, toggle on the “Plugin” section and select “OAuth” from the “Authorization method” dropdown:
This will expand the section and offer the fields to add your:
as well as the “Client ID” and “Client secret” fields for us to authenticate with your service:
Once all of the fields are filled out, click save and OAuth will be set up for all plugins you create for the app.
Your app may also send creators to your app, or to an externally hosted onboarding flow, after signup. This can be configured using the “Redirect URL after install” field in your app details settings page. An example of this flow can be seen below.
Example redirect flow
Redirect flow settings