

Interactively explore API endpoints by connecting your Genius account to this page. Learn how your app can access Genius's content and community this easily too!

In addition to interacting with Genius annotations through the API, it's easy to make any page annotatable and display annotations you've created on it. Just add the script tag:

First, visit the Genius API Client management page and create an API client for your application. This will provide you with a client_id and a client_secret that you'll use to identify your application to Genius. The redirect_uri is used for authenticating Genius users with your application. The API Client will belong to the user account signed in to Genius when it's created.

The available endpoints are listed below in the resources section, along with embedded examples showing how they work and what they return.

There are plenty of libraries available to help with this part of your integration. There's also a detailed guide below if you're committed to implementing it yourself.

If your application doesn't include user-specific behaviors you can use the client access token associated with your API instead of tokens for authenticated users. These tokens are only valid for read-only endpoints that are not restricted by a required scope. You can get a client access token by clicking "Generate Access Token" on the API Client management page.

Genius uses the OAuth2 standard for making API calls on behalf of individual users. Requests are authenticated with an Access Token sent in an HTTP header (or as a request parameter if you must). All interaction with the API must be done over HTTPS.

Start by directing a user of your application to Genius's authentication page at with the following query parameters:

- client_id: Your application's Client ID, as listed on the API Client management page.
- redirect_uri: The URI Genius will redirect the user to after they've authorized your application; it must be the same as the one set for the API client on the management page.
- scope: The permissions your application is requesting as a space-separated list (see available scopes below).
- state: A value that will be returned with the code redirect for maintaining arbitrary state through the authorization process. One important use for this value is increased security: by including a unique, difficult to guess value (say, a hash of a user session value), potential attackers can be prevented from sending phony redirects to your app.

On the authentication page the user can choose to allow your application to access Genius on their behalf. They'll be asked to sign in (or, if necessary, create an account) first. Then the user is redirected to

Your application can exchange the code query parameter from the redirect for an access token by making a POST request to with the following request body data:

An alternative authentication flow is available for browser-based, client-only applications. This mechanism is much less secure than the full code exchange process and should only be used by applications without a server or native platform to execute the full code flow.
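As an added example (not part of the Genius documentation), here is one way a server could generate the state value described above and check it when the redirect arrives. The authorization URL, client ID and redirect URI are placeholders, and the keyed hash of the session value is this example's choice of "difficult to guess value".

```python
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Placeholders: this page does not give the real URL or client values.
AUTHORIZE_URL = "https://auth.example.invalid/oauth/authorize"
CLIENT_ID = "YOUR_CLIENT_ID"
REDIRECT_URI = "https://app.example.invalid/callback"

# Server-side secret that keys the hash (assumption of this example).
STATE_KEY = secrets.token_bytes(32)


def make_state(session_id: str) -> str:
    """Keyed hash of the session value: unguessable without STATE_KEY."""
    return hmac.new(STATE_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def build_authorize_url(session_id: str, scope: str) -> str:
    """Build the URL the user is sent to, using the four parameters listed above."""
    params = {
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": scope,
        "state": make_state(session_id),
    }
    return AUTHORIZE_URL + "?" + urlencode(params)


def handle_redirect(session_id: str, redirect_url: str) -> str:
    """Return the code only if state matches this session; otherwise raise."""
    query = parse_qs(urlparse(redirect_url).query)
    state = query.get("state", [""])[0]
    code = query.get("code", [""])[0]
    expected = make_state(session_id)
    # Compare as bytes in constant time; also safe for non-ASCII input.
    if not hmac.compare_digest(state.encode(), expected.encode()):
        raise ValueError("state mismatch: redirect not started by this session")
    if not code:
        raise ValueError("missing code parameter")
    return code
```

The code is exchanged for an access token only after `handle_redirect` returns; a redirect with a missing or foreign state is rejected before any token request is made.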
