Setup OAuth 2.0
Find your OAuth 2 credentials
Find your OAuth 2 credentials
Your API provider should give you access to your client (app) credentials. Depending on the OAuth 2 grant types supported by the provider, these can consist of:
- Client ID: all grant types
- Client Secret: Authorization Code, Resource Owner Password Credentials and Client Credentials grant types
- Username: Resource Owner Password Credentials grant type only
- Password: Resource Owner Password Credentials grant type only
Set the authorization type
Set the authorization type
Go to the Auth tab and choose OAuth 2
.
Enter your credentials
Enter your credentials
You can now setup your credentials (from the above step Find your OAuth 2 credentials) and fill in all the appropriate authorization URLs (once again, this may be different per Grant Type):
- Authorization URL: the URL of the web page the OAuth service (aka. provider) would normally bring users so they can authorize the access.
- Access Token URL: the URL your server uses to request an access token.
- Redirect URL: also known as the Callback URL, it’s the URL you’ve setup in the OAuth provider’s settings. It should be the URL of a web page on your server, where users will be redirected after authorization process. In Paw, that’s optional, as Paw can work without it. You can leave this field blank or enter any valid URL, Paw will intercept the token regardless.
Authorize (get the Access Token)
Authorize (get the Access Token)
Now that you’ve setup the OAuth settings, you can manually request an access token, or skip this section and let Paw automatically handle authorization when needed (when sending request, Paw will automatically ask authorization if there is no access token or if it has expired). The calls are always handled by Safari.
In Paw, hit the Get Access Token button from the OAuth2 Dynamic Value
.
A web view is shown and you’re prompted (as the end-users would be) to authorize your app to access the provider’s API.
Once done, you’re redirected to the “Callback URL” page (should be a page on the client server). It doesn’t matter if that page is not functional yet. At this step, Paw will be calling the “Access Token URL” to get a token in exchange of the code that has been returned by the OAuth provider.
The Access Token should now appear at the bottom of the window. Hit the Use Access Token button.
Your request is now configured to be using OAuth 2.
Done
Done
Paw will add the Authorization header automatically. You can check it in the Headers tab. You’re ready to send the request!