introduction

Thanks.io supports OAuth 2.0 for secure authentication and authorization. This allows users to grant your application access to their thanks.io account without sharing their credentials.

Set Up

To integrate OAuth 2.0 with your application, follow these steps:
  1. Create an account on thanks.io: Create account HERE if you haven’t already.
  2. Register your OAuth Client: Go to the thanks.io API Settings and register your application in the “OAuth Clients” section to obtain your client ID and client secret.

Implementation

  1. Redirect user to authorize your application: When a user wants to connect their thanks.io account to your application, redirect them to the thanks.io authorization endpoint with the following parameters:
GET https://dashboard.thanks.io/oauth/authorize?response_type=code&client_id=YOUR_CLIENT_ID&redirect_uri=YOUR_REDIRECT_URI
  1. Request your client’s access token: After the user authorizes your application, they will be redirected back to your specified redirect URI with an authorization code. You’ll use this AUTHORIZATION_CODE to request an access token:
POST https://dashboard.thanks.io/oauth/token
Content-Type: application/x-www-form-urlencoded

grant_type=authorization_code&client_id=YOUR_CLIENT_ID&client_secret=YOUR_CLIENT_SECRET&redirect_uri=YOUR_REDIRECT_URI&code=AUTHORIZATION_CODE
  1. Store the tokens securely: The response will include an access token, refresh token, and expiration time. Store these tokens securely.
  2. Use the access token: You can now use the access token to make authenticated requests to the thanks.io API as a bearer token in the Authorization header.
  3. Handle Token Expiration: Access tokens have a limited lifespan. Implement token refresh logic to obtain new tokens using the refresh token flow. 
POST https://dashboard.thanks.io/oauth/token
Content-Type: application/x-www-form-urlencoded

grant_type=refresh_token&client_id=YOUR_CLIENT_ID&client_secret=YOUR_CLIENT_SECRET&refresh_token=YOUR_REFRESH_TOKEN