Getting Started
API Access
API Reference
Authorization
Authorization refers to the process of verifying what resources can be accessed by users or applications, and what actions they can perform i.e. access rights.
Appibase uses OAuth 2.0 for client applications to get authorized and given an Access Token to access protected resources. OAuth 2.0 supports several different authorization grants (or flows) for retrieving Access Tokens.
In line with the OAuth 2.0 Security Best Current Practice, Appibase supports the following authorization grant flows:
- Authorization Code flow with
- Proof Key for Code Exchange (PKCE) support, and
- Refresh Token
- Client Credentials flow
Be it accessing the Admin API or the Storefront API, the Authorization Code flow with PKCE support and the Refresh Token grant type are used when the Resource Owner is an end-user i.e. the User model for the Admin API or the Customer model for the Storefront API. On the other hand, the Client Credentials grant type is used when the Resource Owner is a Client application.
Supported Grant Types
| Resource Owner | Grant Type |
|---|---|
| End-User | Authorization Code (with PKCE) |
| Refresh Token | |
| Client Application | Client Credentials |