Version 2 (OAuth2)
Authorization flow
The API version 2 implements the OAuth2 authorization framework, enabling secure authentication and authorization to access its resources. This flow has been developed specifically for the Make Academy Custom Apps Development course, aiming to simulate a real-world authentication and authorization process.
Every developer can integrate Custom App Academy API V2 by obtaining up to one app access that involves registration of their application and obtaining client credentials.
To obtain the necessary client credentials (client ID and secret), you can submit the form. If you have previously submitted the form for API version 1, you should already have received the credentials to API version 2 via email.

Each app user (John Doe/Jane Black) can have only one active connection. If you generate a new connection, the existing one will be removed.
Step one: Redirect a user to your app
Redirect the user to authorize
endpoint. This will prompt the user to allow your application to access the Custom App Academy API on their behalf. You need the user to allow the connect
scope to successfully authorize access. To obtain the code
parameter to authorize token
request, set the response_type
to code
.
This endpoint enables authorization of your access to API.
connect
https://www.integromat.com/oauth/cb/app
code
GET /TKLOBOUCKOVA/app-academy-v2/1.0.0/authorize HTTP/1.1
Host: virtserver.swaggerhub.com
Authorization: Bearer YOUR_OAUTH2_TOKEN
Accept: */*
{
"code": "text"
}
Step two: Handle the callback request
Once a user decides to allow or disallow your application access to their account, Custom App Academy will redirect them to the OAuth2 redirect URL that you set when submitting your form.
If there was an error processing the request, the response will contain an error.message
parameter. If the request was successful, the response will contain code
parameter.
Step three: Retrieve an access token and refresh token
Use your application client_id
and client_secret
together with code
from the previous step to issue a request to token
endpoint. You must use the same redirect URL in the token
request and authorization_code
grant type.
A successful request will respond with access_token
, expires-in
, refresh_token
and refresh_expires_in
parameters. expires-in
and refresh_expires_in
values are in minutes.
This endpoint retrieves the token.
authorization_code
https://www.integromat.com/oauth/cb/app
POST /TKLOBOUCKOVA/app-academy-v2/1.0.0/token HTTP/1.1
Host: virtserver.swaggerhub.com
Authorization: Bearer YOUR_OAUTH2_TOKEN
Content-Type: application/json
Accept: */*
Content-Length: 148
{
"code": "text",
"client_id": "text",
"grant_type": "authorization_code",
"redirect_uri": "https://www.integromat.com/oauth/cb/app",
"client_secret": "text"
}
{
"access_token": "text",
"expires_in": 5,
"refresh_token": "text",
"refresh_expires_in": 5
}
Step four: Make an API request
After obtaining the access token, you can send requests to App Academy API that contain the authorization
header in this format: Bearer {access_token}
.
This endpoint retrieves info about the connected account.
Bearer [accessToken]
GET /TKLOBOUCKOVA/app-academy-v2/1.0.0/info HTTP/1.1
Host: virtserver.swaggerhub.com
Authorization: Bearer YOUR_OAUTH2_TOKEN
authorization: text
Accept: */*
{
"id": "d1b03e513fbc5881651d6c149fd259506f975ae1",
"user": "Jane Doe"
}
Step five: Refresh the access token
The API provides the expires_in
parameter in the token
response to determine if the user's access token has expired. If it has, use the refresh
endpoint to retrieve a new access token and refresh token. expires-in
and refresh_expires_in
values are in minutes. To obtain a new access token and refresh token, the refresh token must not be expired!
This endpoint retrieves the refresh token.
refresh_token
POST /TKLOBOUCKOVA/app-academy-v2/1.0.0/refresh HTTP/1.1
Host: virtserver.swaggerhub.com
Authorization: Bearer YOUR_OAUTH2_TOKEN
Content-Type: application/json
Accept: */*
Content-Length: 95
{
"client_id": "text",
"grant_type": "refresh_token",
"client_secret": "text",
"refresh_token": "text"
}
{
"access_token": "text",
"expires_in": 5,
"refresh_token": "text",
"refresh_expires_in": 5
}
Step six: Access invalidation
If the user wants to invalidate the access of your app to Custom App Academy API, use the invalidate
endpoint.
This endpoint invalidates the access token.
Bearer [accessToken]
GET /TKLOBOUCKOVA/app-academy-v2/1.0.0/invalidate HTTP/1.1
Host: virtserver.swaggerhub.com
Authorization: Bearer YOUR_OAUTH2_TOKEN
authorization: text
Accept: */*
No content
Scopes
API Version 2 provides integration with scopes. Scopes provide a granular level of access control and ensure that users can only access the specific resources they need. The following scopes are supported:
authorize
connect
any GET endpoint*
read
any POST/PUT/PATCH ednpoint
write
any DELETE endpoint
delete
*except for /info
endpoint.
Endpoints
In API version 2, all the endpoints available in API version 1 are fully supported. To make API calls in version 2, you need to use the URL for API version 2 as well as to ensure proper authorization and scope management by following the instructions provided above.
Version 1 (API key)Last updated