developers.oauth.title

developers.oauth.intro

developers.oauth.flowTitle

developers.oauth.flowDesc


┌─────────────┐     ┌─────────────┐     ┌─────────────┐
│  Your App   │     │   Brutlers   │     │   Vendor    │
└──────┬──────┘     └──────┬──────┘     └──────┬──────┘
       │                   │                   │
       │  1. Redirect      │                   │
       │──────────────────>│                   │
       │                   │  2. Login/Consent │
       │                   │<─────────────────>│
       │                   │                   │
       │  3. code + state  │  3. Allow         │
       │<──────────────────│<──────────────────│
       │                   │                   │
       │  4. Exchange code │                   │
       │──────────────────>│                   │
       │                   │                   │
       │  5. Tokens        │                   │
       │<──────────────────│                   │
       │                   │                   │
       │  6. API calls     │                   │
       │──────────────────>│                   │

developers.oauth.step1Title

developers.oauth.step1Desc

developers.oauth.step1Link

developers.oauth.step2Title

developers.oauth.step2Desc

http

GET /api/oauth/authorize?
  response_type=code
  &client_id=brut_app_...
  &redirect_uri=https://app.example.com/callback
  &scope=orders:read orders:write
  &state=random_csrf_token
  &code_challenge=BASE64URL_SHA256_HASH
  &code_challenge_method=S256

Parameter	Required	Description
response_type	Yes	developers.oauth.paramResponseType
client_id	Yes	developers.oauth.paramClientId
redirect_uri	Yes	developers.oauth.paramRedirectUri
scope	Yes	developers.oauth.paramScope
state	developers.oauth.recommended	developers.oauth.paramState
code_challenge	developers.oauth.recommended	developers.oauth.paramCodeChallenge
code_challenge_method	developers.oauth.recommended	developers.oauth.paramCodeChallengeMethod

developers.oauth.step3Title

developers.oauth.step3Desc

bash

curl -X POST https://brutlers.com/api/oauth/token \
  -d "grant_type=authorization_code" \
  -d "code=AUTH_CODE" \
  -d "client_id=brut_app_..." \
  -d "client_secret=brut_secret_..." \
  -d "redirect_uri=https://app.example.com/callback" \
  -d "code_verifier=ORIGINAL_RANDOM_STRING"

developers.oauth.responseTitle

json

{
  "access_token": "brut_at_...",
  "token_type": "Bearer",
  "expires_in": 3600,
  "refresh_token": "brut_rt_...",
  "scope": "orders:read orders:write"
}

developers.oauth.step4Title

developers.oauth.step4Desc

http

GET /api/vendor/orders HTTP/1.1
Host: brutlers.com
Authorization: Bearer brut_at_...

developers.oauth.step5Title

developers.oauth.step5Desc

bash

curl -X POST https://brutlers.com/api/oauth/token \
  -d "grant_type=refresh_token" \
  -d "refresh_token=brut_rt_..." \
  -d "client_id=brut_app_..." \
  -d "client_secret=brut_secret_..."

developers.oauth.scopesTitle

Scope	Description
orders:read	developers.oauth.scope.orders:read
orders:write	developers.oauth.scope.orders:write
customers:read	developers.oauth.scope.customers:read
profile:read	developers.oauth.scope.profile:read

developers.oauth.revokeTitle

developers.oauth.revokeDesc

bash

curl -X POST https://brutlers.com/api/oauth/revoke \
  -d "token=brut_at_..." \
  -d "client_id=brut_app_..." \
  -d "client_secret=brut_secret_..."

developers.oauth.securityTitle

developers.oauth.security1
developers.oauth.security2
developers.oauth.security3
developers.oauth.security4
developers.oauth.security5

developers.oauth.flowTitle

developers.oauth.flowDesc


┌─────────────┐     ┌─────────────┐     ┌─────────────┐
│  Your App   │     │   Brutlers   │     │   Vendor    │
└──────┬──────┘     └──────┬──────┘     └──────┬──────┘
       │                   │                   │
       │  1. Redirect      │                   │
       │──────────────────>│                   │
       │                   │  2. Login/Consent │
       │                   │<─────────────────>│
       │                   │                   │
       │  3. code + state  │  3. Allow         │
       │<──────────────────│<──────────────────│
       │                   │                   │
       │  4. Exchange code │                   │
       │──────────────────>│                   │
       │                   │                   │
       │  5. Tokens        │                   │
       │<──────────────────│                   │
       │                   │                   │
       │  6. API calls     │                   │
       │──────────────────>│                   │

developers.oauth.step2Title

developers.oauth.step2Desc

http

GET /api/oauth/authorize?
  response_type=code
  &client_id=brut_app_...
  &redirect_uri=https://app.example.com/callback
  &scope=orders:read orders:write
  &state=random_csrf_token
  &code_challenge=BASE64URL_SHA256_HASH
  &code_challenge_method=S256

Parameter	Required	Description
response_type	Yes	developers.oauth.paramResponseType
client_id	Yes	developers.oauth.paramClientId
redirect_uri	Yes	developers.oauth.paramRedirectUri
scope	Yes	developers.oauth.paramScope
state	developers.oauth.recommended	developers.oauth.paramState
code_challenge	developers.oauth.recommended	developers.oauth.paramCodeChallenge
code_challenge_method	developers.oauth.recommended	developers.oauth.paramCodeChallengeMethod

developers.oauth.step3Title

developers.oauth.step3Desc

bash

curl -X POST https://brutlers.com/api/oauth/token \
  -d "grant_type=authorization_code" \
  -d "code=AUTH_CODE" \
  -d "client_id=brut_app_..." \
  -d "client_secret=brut_secret_..." \
  -d "redirect_uri=https://app.example.com/callback" \
  -d "code_verifier=ORIGINAL_RANDOM_STRING"

developers.oauth.responseTitle

json

{
  "access_token": "brut_at_...",
  "token_type": "Bearer",
  "expires_in": 3600,
  "refresh_token": "brut_rt_...",
  "scope": "orders:read orders:write"
}

Scope

Description

orders:read

developers.oauth.scope.orders:read

orders:write

developers.oauth.scope.orders:write

customers:read

developers.oauth.scope.customers:read

profile:read

developers.oauth.scope.profile:read