The Aventus Platform uses OAuth 2.0 to authenticate and authorise requests to our API. OAuth 2.0 allows users to grant 3rd party applications full or partial access to their account without sharing their login credentials.
To use the API, your application must send an OAuth 2.0 access token in an Authorization header with each request.
Authorization: Bearer ACCESS_TOKEN
During the authorization flow, you'll need to include a list of requested scopes (permissions). When users authenticate they will be asked to grant permission to your application's requested scopes.
OAuth 2.0 flows
There are three OAuth 2.0 flows depending on the type of your application
|Implicit Grant||Used by client applications, where you are making API calls from a client|
|Authorization Code Grant (PKCE)||Used by native mobile applications|
|Authorization Code Grant||Used by server applications, where you are making API calls from the server|
Follow this diagram to identify the authorization flow for your application.
Updated over 4 years ago