BitForex CApp Authorized Login API
The BitForex CApp OAuth2.0 authorized login system is built on the OAuth2.0 protocol standard. Before integrating BitForex CApp OAuth2.0 login, you must request a client_id and a client_secret from BitForex.
BitForex OAuth2.0 authorized login allows BitForex users to securely log in to third-party websites. After a BitForex user logs in to a third-party website that uses BitForex OAuth2.0 authorized login, the third party can obtain the user's API calling credentials (access_tokens) and use them to call APIs authorized by the BitForex CApp Town. This allows the third party to obtain the user's basic information and the user's authorization. BitForex OAuth2.0 authorized login currently supports the authorization_code mode, which is intended for server-side application authorization. The overall process of this mode is as follows:
1. A third-party website initiates a BitForex login authorization request. After the BitForex user grants authorization to the third-party website, BitForex redirects to the third-party website and carries the authorized temporary ticket in the code parameter.
2. The third party submits the code together with client_id, client_secret and the other required parameters to the relevant API, and exchanges it for an access_token.
3. The third party uses the access_token to call the API to obtain the user's basic data and resources, or to help the user perform a basic operation.
Below is the sequence diagram of how to obtain the access_token:
In the following integration process, use https://www.bitforex.com for PC and https://m.bitforex.com for mobile.
When a CApp user requests authorized login, the CApp server requests the following link: https://www.bitforex.com/oauth/authorize?client_id=test-client&redirect_uri=https%3a%2f%2fwww.baidu.com&response_type=code&scope=read
| Parameter | Type | Required | Default | Description |
|---|---|---|---|---|
| client_id | String | yes | - | BitForex CApp client_id |
| response_type | String | yes | code | Fixed value: code |
| redirect_uri | String | yes | - | The page to return to after the authorized login; it must be the same as the one submitted to BitForex |
| scope | String | yes | - | CApp authorization scope. To obtain the user's personal information, enter read. |
| platform | String | no | pc | Supports pc and h5 (use https://m.bitforex.com in that case); the default value is pc. |
After the user taps "Authorize", the CApp is launched and redirects to the authorization redirect_uri.
If the user taps "Allow":
https://www.baidu.com/?code=xxxxxxx
Or "Cancel":
https://www.baidu.com/?error=access_denied&error_description=User%20denied%20access
After obtaining the code in Step 1, send a POST request to the following link to obtain an access_token: https://www.bitforex.com/oauth/token?client_id=unity-client&client_secret=unity&grant_type=authorization_code&code=GQ8qx&redirect_uri=http%3a%2f%2flocalhost%3a8080%2fspring-oauth-server%2funity%2fdashboard
| Parameter | Type | Required | Default | Description |
|---|---|---|---|---|
| client_id | String | yes | - | BitForex CApp client_id |
| client_secret | String | yes | - | BitForex CApp secret |
| redirect_uri | String | yes | - | The page to return to after the authorized login; it must be the same as the one submitted to BitForex. The parameters are then passed on the redirect accordingly |
| grant_type | String | yes | - | Fixed value: authorization_code |
| code | String | yes | - | Code from STEP 1 |
```json
{
  "code": 200,
  "msg": "success",
  "data": {
    "access_token": "950a7cc9-5a8a-42c9-a693-40e817b1a4b0",
    "token_type": "bearer",
    "refresh_token": "773a0fcd-6023-45f8-8848-e141296cb3cb",
    "expires_in": 27036,
    "scope": "select"
  }
}
```
Response Parameter Guide:
| Parameter | Type | Description |
|---|---|---|
| access_token | String | API call credential |
| refresh_token | String | Credential used to refresh the access_token |
| access_token_deadline | Long | The time to expiration of the API call credential (access_token), in milliseconds. |
| refresh_token_deadline | Long | The time to expiration of the refresh_token, in milliseconds. |
After obtaining the access_token, the BitForex user's info can be retrieved with it.
The access_token is the API call credential, and its expiration period is fairly short (12 hours). Use the refresh_token to refresh or restart the expiration period when the access_token has expired. The result of a refresh is one of the following:
1. Refresh after the access_token has expired: the refresh_token creates a new access_token with a new expiration period.
2. Refresh before the access_token has expired: the refresh_token does NOT create a new access_token; only a new expiration period is provided. In other words, the expiration period of the existing access_token is extended.
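An added example (not from the BitForex documentation) of how a CApp server might handle the Step 1 redirect and the Step 2 token response, and keep client_secret, code and tokens out of logs, since the token request shown above carries them in the query string. The function names are hypothetical, and expires_in is assumed to be in seconds as in RFC 6749; the page does not state its unit.

```python
import json
from urllib.parse import parse_qs, urlencode, urlsplit, urlunsplit

SENSITIVE = {"client_secret", "code", "access_token", "refresh_token"}


class OAuthError(Exception):
    """Raised when the callback or token response is not a success."""


def parse_callback(callback_url, registered_redirect_uri):
    """Return the temporary code from the redirect, or raise OAuthError."""
    got, want = urlsplit(callback_url), urlsplit(registered_redirect_uri)
    # Only accept callbacks that arrive on the registered redirect_uri.
    if (got.scheme, got.netloc, got.path.rstrip("/")) != (
            want.scheme, want.netloc, want.path.rstrip("/")):
        raise OAuthError("callback does not match redirect_uri")
    q = parse_qs(got.query)
    if "error" in q:
        raise OAuthError(f"{q['error'][0]}: {q.get('error_description', [''])[0]}")
    codes = q.get("code", [])
    if len(codes) != 1 or not codes[0]:
        raise OAuthError("expected exactly one code parameter")
    return codes[0]


def parse_token_response(body, now):
    """Validate the {code, msg, data} envelope and return the token fields."""
    doc = json.loads(body)
    if doc.get("code") != 200 or not isinstance(doc.get("data"), dict):
        raise OAuthError(f"token request failed: {doc.get('msg')}")
    data = doc["data"]
    if data.get("token_type", "").lower() != "bearer" or not data.get("access_token"):
        raise OAuthError("unexpected token_type or missing access_token")
    # Assumption: expires_in is in seconds (RFC 6749); the page gives no unit.
    return {"access_token": data["access_token"],
            "refresh_token": data.get("refresh_token"),
            "scope": data.get("scope"),
            "expires_at": now + int(data["expires_in"])}


def redact_url(url):
    """Mask credential-bearing query parameters before a URL is logged."""
    parts = urlsplit(url)
    pairs = [(k, "REDACTED" if k in SENSITIVE else v)
             for k, vs in parse_qs(parts.query, keep_blank_values=True).items()
             for v in vs]
    return urlunsplit(parts._replace(query=urlencode(pairs)))
```

The returned scope can be compared with the scope that was requested in Step 1 before the token is stored.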
After obtaining the token in Step 2, send a POST request to the following link to obtain the userId: https://www.bitforex.com/platform/user/info
| Parameter | Type | Required | Default | Description |
|---|---|---|---|---|
| access_token | String | yes | - | BitForex CApp access_token |
```json
{
  "code": 200,
  "msg": "success",
  "data": {
    "userId": "xxxxx"
  }
}
```