# OAuth2

To create transactions or call user-scoped endpoints, a partner must be authorized by the user. A partner that created the user's account via the API is authorized automatically; otherwise the partner must obtain the user's authorization. To do so, the partner redirects the user to the XanPool website, where the user is prompted to authorize the partner. After granting permissions, the user is redirected back to the partner's website with an authorization code.

# Authorization page


```
https://xanpool.com/authorize?clientId={API_KEY}&redirectUrl={PAGE AFTER SUCCESSFUL AUTHORIZATION}
```

To initiate authorization, redirect the user to the authorization page, where the user is prompted to authorize the partner's account. After successful authorization the user is redirected to the redirectUrl with an authorizationCode query parameter (e.g. https://okex.com/success?authorizationCode=1xseh1j2u91nb12gsna1). If the user did not grant the permissions, the URL will contain error=rejected.

# Authorization Code Exchange

This endpoint exchanges the authorizationCode received in the previous step for a user-scoped accessToken. The access token is valid for 30 days.



Payload attributes

| Parameter | Description |
| --- | --- |
| code | The code from the previous step |

| Parameter | Description |
| --- | --- |
| accessToken | User scoped token |
| expiresAt | Timestamp of when the accessToken expires |

Request Example

```shell
# -d makes curl send a POST with the JSON body
curl "https://xanpool.com/api/oauth2/token" \
  -H "Content-Type: application/json" \
  -d '{"code":"1xseh1j2u91nb12gsna1"}'
```


```json
{
  "accessToken": "1e1e1dad4b5b685900124e87121dad41e1dad4b5b685900124e8712b5b685900124e8711e1dad4b5b685900124e87122",
  "expiresAt": 1588824540
}
```
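
A partner-side sketch of the flow above, added here as an example and not taken from XanPool's own code: it validates the redirect back from the authorization page, builds the code exchange request, and checks `expiresAt` before a token is used. The function names, the 60-second skew and the reading of `expiresAt` as Unix seconds are assumptions; the URLs and sample values are the ones shown on this page.

```python
import json
import time
import urllib.request
from urllib.parse import urlsplit, parse_qs

TOKEN_URL = "https://xanpool.com/api/oauth2/token"  # endpoint from the request example


class AuthorizationRejected(Exception):
    """The user declined on the authorization page (error=rejected)."""


def parse_callback(url, expected_prefix):
    """Return the authorizationCode from a redirect back to the partner site."""
    # Only accept callbacks that arrive on the redirectUrl the partner supplied.
    if not url.startswith(expected_prefix + "?"):
        raise ValueError("callback does not match the expected redirectUrl")
    params = parse_qs(urlsplit(url).query, keep_blank_values=True)
    if params.get("error") == ["rejected"]:
        raise AuthorizationRejected()
    codes = params.get("authorizationCode", [])
    # Exactly one non-empty value; repeated or mixed parameters are refused.
    if len(codes) != 1 or not codes[0] or "error" in params:
        raise ValueError("malformed authorization callback")
    return codes[0]


def build_exchange_request(code):
    """Build (without sending) the POST that trades the code for an accessToken."""
    body = json.dumps({"code": code}).encode()
    return urllib.request.Request(
        TOKEN_URL, data=body, method="POST",
        headers={"Content-Type": "application/json"})


def token_usable(token_response, now=None, skew=60):
    """True if the response holds an accessToken that is not about to expire."""
    # Assumption: expiresAt is a Unix timestamp in seconds, as the sample suggests.
    now = time.time() if now is None else now
    return bool(token_response.get("accessToken")) and \
        token_response.get("expiresAt", 0) - skew > now
```

Pass the request to `urllib.request.urlopen` to perform the exchange, and keep the authorization code and access token out of application logs.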