Zum Hauptinhalt springen

OAuth 2.0

OAuth 2.0 is the recommended authentication method for new ZeyOS integrations. It uses standard authorization and token endpoints and supports authorization codes, refresh tokens, token revocation, token introspection, and PKCE.

Recommended

Use the authorization-code flow with PKCE for user-facing applications. Store client secrets and refresh tokens only in environments where they can be protected.

Base URL

Text
https://cloud.zeyos.com/{INSTANCE}/oauth2/v1

Replace {INSTANCE} with the ZeyOS instance name.

Authorization-Code Flow

  1. Redirect the user to GET /authorize with the client identifier, callback URL, state, and a PKCE challenge where applicable.
  2. Receive the single-use authorization code at the registered callback URL.
  3. Exchange the code at POST /token using grant_type=authorization_code.
  4. Send the returned access token as Authorization: Bearer <token> with REST API requests.
  5. Exchange the refresh token at /token when a new access token is required.

Token Management

OpenAPI Specification

Download the OAuth 2.0 OpenAPI specification for use with API clients and development tools.