Developers

OAuth

OAuth2 is a protocol that lets external apps request authorization to private details in a user's Restyaboard account without getting their password. This can be revoked by users at any time.

Before getting started, developers need to create their application in Restyaboard admin side. A registered OAuth application is assigned a unique Client ID and Client Secret. The Client Secret should not be shared. You may create a personal access token for your own use or implement the web flow below to allow other users to authorize your application.

Web Application Flow

This is a description of the OAuth2 flow from 3rd party web sites.

1. Redirect users to request GitHub access

GET /oauth/authorize

Parameters

Name Type Description
response_type string Required. The response type value is "code"
client_id string Required. The client ID you received from Restyaboard.
redirect_uri string Required. The URL in your app where users will be sent after authorization.
scope string Required. The scope value is "read write"
state string Required. An unguessable random string. It is used to protect against cross-site request forgery attacks.

2. This Restyaboard redirects back to your site

If the user accepts your request, Restyaboard redirects back to your site with a temporary code in a code parameter as well as the state you provided in the previous step in a state parameter. If the states don't match, the request has been created by a third party and the process should be aborted.

Exchange this for an access token:

POST /api/v1/oauth/token.json

You have to set authorization basic for all API calls like shown below.

Authorization: Basic client_id:client_secret

Parameters

Name Type Description
code string Required. The code you received as a response to Step 1.
redirect_uri string Required. The URL in your app where users will be sent after authorization.
state string Required. The unguessable random string you optionally provided in Step 1.

Response

By default, the response will take the following form:

{"access_token":"xxxxxxxx", "expires_in":3600, "token_type":"Bearer", "scope":"read", "refresh_token":"xxxxxxxx"}

3. Use the access token to access the API

The access token allows you to make requests to the API on a behalf of a user.

GET http://board.demo.restya.com/api/v1/boards.json?token=...

You can pass the token in the query params like shown above.

ou have to set authorization basic for all API calls like shown below.

Authorization: Basic client_id:client_secret

Webhooks

Webhooks allow you to build or set up integrations for each activities on Restyaboard. When any activity is triggered, we'll send a HTTP POST payload to the webhook's configured URL. Webhooks can be used to update an external applications.

Currently webhook can be add through API only.

Chat