# OAuth2

To create transactions or call user-scoped endpoints, a partner must be authorized by the user. A partner is authorized automatically if it created the user's account via the API; otherwise the partner must obtain the user's authorization. Authorization is done by redirecting the user to the XanPool website, where they are prompted to authorize the partner. After granting permissions, the user is redirected back to the partner's website with the authorization code.

# Authorization page

Page

https://xanpool.com/authorize?clientId={API_KEY}&redirectUrl={PAGE AFTER SUCCESSFUL AUTHORIZATION}

To initiate authorization, users must be redirected to the authorization page. On this page the user is prompted to authorize the partner's account. After successful authorization, users are redirected to the redirectUrl containing an authorizationCode (for example, https://okex.com/success?authorizationCode=1xseh1j2u91nb12gsna1). If the user didn't grant the permissions, the URL will contain error=rejected.

# Authorization Code Exchange

This endpoint exchanges the authorizationCode received in the previous step for a user-scoped accessToken. The access token is valid for 30 days.

Endpoint

https://xanpool.com/api/oauth2/token

Payload attributes

| Parameter | Description |
| --- | --- |
| code | The code from the previous step |

Response

| Parameter | Description |
| --- | --- |
| accessToken | User scoped token |
| expiresAt | Timestamp of when the accessToken expires |

Request Example

curl "https://xanpool.com/api/oauth2/token" \
  -X POST \
  -H "Content-Type: application/json" \
  -u {API_KEY}:{API_SECRET} \
  -d '{"code":"1xseh1j2u91nb12gsna1"}'

Response

{
  "accessToken": "1e1e1dad4b5b685900124e87121dad41e1dad4b5b685900124e8712b5b685900124e8711e1dad4b5b685900124e87122",
  "expiresAt": 1588824540
}
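
The partner-side handling of the callback and the code exchange described above, as an added example (not XanPool's code): it validates the callback, handles error=rejected, builds the same request as the curl example, and checks the response. The function names are hypothetical, the check that the callback matches the redirectUrl is an added precaution, and expiresAt is assumed to be Unix seconds, as the sample value suggests.

```python
import base64
import json
import time
import urllib.request
from urllib.parse import urlsplit, parse_qs

TOKEN_ENDPOINT = "https://xanpool.com/api/oauth2/token"  # endpoint from the page


class AuthorizationRejected(Exception):
    """The user declined (callback carried error=rejected)."""


def parse_callback(callback_url, expected_redirect_url):
    """Return the authorizationCode from the callback URL, or raise."""
    got, want = urlsplit(callback_url), urlsplit(expected_redirect_url)
    # Only accept callbacks that arrive on the redirectUrl the user was sent with.
    if (got.scheme, got.netloc, got.path) != (want.scheme, want.netloc, want.path):
        raise ValueError("callback does not match the expected redirectUrl")
    query = parse_qs(got.query)
    if query.get("error") == ["rejected"]:
        raise AuthorizationRejected("user did not grant permissions")
    codes = query.get("authorizationCode", [])
    if len(codes) != 1 or not codes[0]:
        raise ValueError("expected exactly one authorizationCode")
    return codes[0]


def build_token_request(code, api_key, api_secret):
    """Build the POST from the curl example (HTTP Basic auth, JSON body)."""
    basic = base64.b64encode(f"{api_key}:{api_secret}".encode()).decode()
    return urllib.request.Request(
        TOKEN_ENDPOINT,
        data=json.dumps({"code": code}).encode(),
        headers={"Content-Type": "application/json",
                 "Authorization": f"Basic {basic}"},
        method="POST",
    )


def parse_token_response(body, now=None):
    """Return (accessToken, expiresAt); reject malformed or expired tokens."""
    doc = json.loads(body)
    token, expires_at = doc["accessToken"], int(doc["expiresAt"])  # assumed Unix seconds
    if not isinstance(token, str) or not token:
        raise ValueError("missing accessToken")
    if expires_at <= (time.time() if now is None else now):
        raise ValueError("accessToken already expired")
    return token, expires_at
```

Run the exchange server-side with `urllib.request.urlopen(build_token_request(...))` so that API_SECRET and the accessToken never reach the user's browser.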