OAuth website screenshot

OAuth

OAuth is an open authorization framework that enables third-party applications to access user resources without exposing credentials. It provides a secure, token-based delegation mechanism widely used across the web for granting limited access to APIs and services on behalf of users.

1 APIs 0 Features
Access ControlAuthorizationOAuthSecurityTokens

APIs

OAuth 2.0 Authorization Server API

API specification for an OAuth 2.0 authorization server implementing the authorization endpoint, token endpoint, and token revocation endpoint as defined in RFC 6749, RFC 6750, ...

Collections

Pricing Plans

Oauth Plans Pricing

3 plans

PLANS

Rate Limits

Oauth Rate Limits

5 limits

RATE LIMITS

FinOps

Oauth Finops

FINOPS

Semantic Vocabularies

Oauth Context

4 classes · 28 properties

JSON-LD

Resources

🔗
Website
Website
🔗
Documentation
Documentation
🔗
Reference
Reference

Sources

Raw ↑
opencollection: 1.0.0
info:
  name: OAuth 2.0 Authorization Server
  version: 1.0.0
items:
- info:
    name: Authorization
    type: folder
  items:
  - info:
      name: Authorization Endpoint
      type: http
    http:
      method: GET
      url: https://authorization-server.example.com/authorize
      params:
      - name: response_type
        value: ''
        type: query
        description: The value MUST be "code" for requesting an authorization code or "token" for requesting an access token
          (implicit grant).
      - name: client_id
        value: ''
        type: query
        description: The client identifier issued to the client during registration.
      - name: redirect_uri
        value: ''
        type: query
        description: The URI to which the authorization server will redirect the user-agent after authorization is granted
          or denied.
      - name: scope
        value: ''
        type: query
        description: The scope of the access request as a space-delimited list of values.
      - name: state
        value: ''
        type: query
        description: An opaque value used by the client to maintain state between the request and callback. Used to prevent
          cross-site request forgery.
    docs: The authorization endpoint is used to interact with the resource owner and obtain an authorization grant. The authorization
      server MUST first verify the identity of the resource owner.
- info:
    name: Token
    type: folder
  items:
  - info:
      name: Token Endpoint
      type: http
    http:
      method: POST
      url: https://authorization-server.example.com/token
      body:
        type: form-urlencoded
        data: []
      auth:
        type: basic
        username: '{{username}}'
        password: '{{password}}'
    docs: The token endpoint is used by the client to obtain an access token by presenting its authorization grant or refresh
      token. Supports authorization code, client credentials, resource owner password credentials, and refresh token grant
      types.
- info:
    name: Revocation
    type: folder
  items:
  - info:
      name: Token Revocation Endpoint
      type: http
    http:
      method: POST
      url: https://authorization-server.example.com/revoke
      body:
        type: form-urlencoded
        data:
        - name: token
          value: ''
        - name: token_type_hint
          value: ''
      auth:
        type: basic
        username: '{{username}}'
        password: '{{password}}'
    docs: The token revocation endpoint allows clients to notify the authorization server that a previously obtained token
      is no longer needed, as defined in RFC 7009.
bundled: true