When your application needs to access a user's Smore account data, you need to redirect the user from your application to Smore's authorization page at https://smore.im/authorize. You need to construct a URL containing the following parameters:
response_type
This parameter specifies the OAuth2 authorization code flow your application will use, and the value of this parameter should always be code.
client_id
The client ID of your application.
redirect_uri
After user authorization, Smore will redirect the user back to your application along with an authorization code. This parameter specifies the URL Smore will use to redirect users back to your application.
scope
This parameter specifies the permissions of Smore API your application will access. If multiple permissions are required, separate them with a comma (,). Refer to the Scopes section for more information.
state
This parameter is optional. If your application needs to pass some data back to your application when the user is redirected, you can use this parameter.
For example, if the client ID of your application is 12345abcde, your application's redirect URL is https://example.com/oauth/callback, and your application requires forms:read and responses:read permissions, then your authorization URL will be:
You need to redirect users to this URL, so they can authorize your application to access their Smore account data on Smore. When users are redirected to this URL, they will be asked to log in to Smore (if they are not already logged in), and then they will see the following page:
Obtaining Access Token from Smore
After the user clicks the "Allow Access" button, Smore will redirect the user to your specified redirect_url, along with an authorization code code. For instance, in the above example, if the user agrees to authorize, Smore will redirect the user to:
Your application needs to use this authorization code to request an access token from Smore. You need to send a POST request to https://smore.im/api/oauth2/token with the following parameters:
grant_type
This parameter specifies the OAuth2 authorization code flow your application will use, and the value of this parameter should always be authorization_code.
code
The authorization code `code` received from Smore by your application.
client_id
The client ID of your application.
client_secret
The client secret of your application.
redirect_uri
The redirect URL you used in the previous step.
For example, if the client ID of your application is 12345abcde, your application's client secret is 12345abcde, your application's redirect URL is https://example.com/oauth/callback, and the authorization code received from Smore is abcdef12345, then your request will be:
If your request is successful, you will receive a JSON object containing information about the access token:
{
// Access Token
"access_token": "r3YMg2RhzbQfcjjLrJVOOa3feok21hN7",
// Refresh Token
"refresh_token": "oSCpXMe73fP7SVM7ORpgnh02NENHiuur",
// Token Type
"token_type": "Bearer",
// Token Expiration Time
"expires_in": 3600,
// Authorization Scope
"scope": "forms:read,responses:read",
// User of the Token
"user": "account@smore.im"
}
After receiving the access token, you can try to access /api/v1/me to verify that your access token is valid.
Using Access Token to Access Smore API
When your application needs to access the Smore API, you need to include your access token in the request header. If you need to use a specific API endpoint (like /api/v1/me), and the user's access token is r3YMg2RhzbQfcjjLrJVOOa3feok21hN7, your request will be like:
GET /api/v1/me HTTP/1.1
Host: smore.im
Accept: application/json
Authorization: Bearer r3YMg2RhzbQfcjjLrJVOOa3feok21hN7
When the access token expires, you will receive a 401 Unauthorized status code in the API response. At this point, you need to use a refresh token to request a new access token.
You need to send a POST request to https://smore.im/api/oauth2/refresh with the following parameters:
grant_type
The value of this parameter should always be refresh_token.
refresh_token
The refresh token `refresh_token` your application received from Smore.
client_id
The client ID of your application.
client_secret
The client secret of your application.
For example, if your application's client ID is 12345abcde, your application's client secret is 12345abcde, and the refresh token your application received from Smore is oSCpXMe73fP7SVM7ORpgnh02NENHiuur, then your request would be:
