Introduction

We use the OAuth 2.0 protocol together with the Doorkeeper library.

If you have an Enterprise, Business or Partner account, you will be able to create OAuth applications. This will allow you to connect existing or new Floorplanner accounts to your own service. The connected accounts will remain standalone. They will not be connected to your main account.

On production you will be able to create OAuth applications through the following link:
OAuth Apps on production

It will work exactly the same on our sandbox environment with this link:
OAuth Apps on sandbox


Using the access token

The access token is valid for any API V2 calls.

With parameter

You can pass the access_token as a GET or POST parameter. For example:

https://floorplanner.com/api/v2/users/profile.json?access_token=TOKEN

With Bearer authorization header

It is also possible to use a Bearer authorization header. The header should look like this:

Authorization: Bearer TOKEN


Endpoints

Authorize

Returns an authorization code when authorization succeeds.

GET /oauth/authorize?client_id=CLIENT_ID&redirect_uri=REDIRECT_URI&scope=SCOPE&response_type=RESPONSE_TYPE
POST /oauth/authorize

Parameter      Required  Value
CLIENT_ID      yes       The OAuth application id (UID/Client ID)
REDIRECT_URI   yes       The whitelisted redirect URI
SCOPE          yes       The allowed scope, default: public or empty string
RESPONSE_TYPE  yes       Which response you want, default: code

{
  "client_id": "5nCcv9CN4YBSvHNzGe96fNqtGljX2p",
  "redirect_uri": "https://callback.url/oauth",
  "scope": "",
  "response_type": "code"
}
HTTP 301

On successful authorization, it redirects to redirect_uri with a code parameter, which is the authorization code used to request an access token.

Forbidden

The client ID was invalid

HTTP 403

Not found

The client ID was not found

HTTP 404

Token

Retrieve access token with authorization code.

POST /oauth/token

Parameter      Required  Value
CLIENT_ID      yes       The OAuth application id (UID/Client ID)
REDIRECT_URI   yes       The whitelisted redirect URI
CODE           yes       The authorization code from the authorize request
CLIENT_SECRET  yes       The client secret code
GRANT_TYPE     yes       The type of code being sent, default: authorization_code

{
  "client_id": "5nCcv9CN4YBSvHNzGe96fNqtGljX2p",
  "redirect_uri": "https://callback.url/oauth",
  "code": "JPcL6qiQ5nCcv9CN4YBSvHNzG",
  "client_secret": "tGljX2ps",
  "grant_type": "authorization_code"
}
HTTP 200
{
   "access_token" : "ujL-JPcL6qiQ5nCcv9CN4YBSvHNzGe96fNqtGljX2ps",
   "token_type" : "Bearer",
   "expires_in" : 7889237,
   "scope" : "public",
   "created_at" : 1575027878
}

Forbidden

The client ID was invalid or code was invalid

HTTP 403

Not found

The client ID was not found

HTTP 404

Revoke token

Revoke/delete access token

POST /oauth/revoke

Parameter      Required  Value
CLIENT_ID      yes       The OAuth application id (UID/Client ID)
CLIENT_SECRET  yes       The client secret code
TOKEN          yes       The access token to revoke

{
  "client_id": "5nCcv9CN4YBSvHNzGe96fNqtGljX2p",
  "client_secret": "tGljX2ps",
  "token": "ujL-JPcL6qiQ5nCcv9CN4YBSvHNzGe96fNqtGljX2ps"
}
HTTP 200
{}

Forbidden

The client ID was invalid or access token was invalid

HTTP 403

Not found

The client ID was not found

HTTP 404
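The client side of the Authorize and Token steps, followed by building the Bearer header, as an added example (not Floorplanner's or Doorkeeper's own code). The helper names are hypothetical, the OAuth host is assumed to be the one in the profile.json example, and the sample values are the ones shown on this page. It sends the token in the Authorization header rather than as a URL parameter, which keeps it out of logged URLs.

```ruby
require "json"
require "uri"

# Assumption: the OAuth endpoints share the host of the profile.json example.
BASE = "https://floorplanner.com"
# Token response copied from the example on this page (sample values).
SAMPLE_TOKEN_RESPONSE = <<~JSON
  {"access_token": "ujL-JPcL6qiQ5nCcv9CN4YBSvHNzGe96fNqtGljX2ps", "token_type": "Bearer",
   "expires_in": 7889237, "scope": "public", "created_at": 1575027878}
JSON

# Step 1: URL the user's browser is sent to (GET /oauth/authorize).
def authorize_url(client_id:, redirect_uri:, scope: "")
  query = URI.encode_www_form({ "client_id" => client_id, "redirect_uri" => redirect_uri,
                                "scope" => scope, "response_type" => "code" })
  "#{BASE}/oauth/authorize?#{query}"
end

# Step 2: read the authorization code from the redirect back to the application.
# Fails closed when the callback is not the registered redirect URI or has no code.
def extract_code(callback_url, redirect_uri:)
  target = ->(u) { [u.scheme, u.host, u.port, u.path] }
  callback = URI.parse(callback_url)
  unless target.(callback) == target.(URI.parse(redirect_uri))
    raise ArgumentError, "callback does not match redirect_uri"
  end
  code = URI.decode_www_form(callback.query.to_s).to_h["code"]
  raise ArgumentError, "no authorization code in callback" if code.nil? || code.empty?
  code
end

# Step 3: parameters for POST /oauth/token; redirect_uri must be the one used in step 1.
def token_params(client_id:, client_secret:, redirect_uri:, code:)
  { "client_id" => client_id, "client_secret" => client_secret,
    "redirect_uri" => redirect_uri, "code" => code, "grant_type" => "authorization_code" }
end

# Step 4: validate the token response, compute expiry, build the Bearer header.
def parse_token_response(body)
  data = JSON.parse(body)
  raise ArgumentError, "unexpected token_type" unless data["token_type"].to_s.casecmp?("bearer")
  { headers: { "Authorization" => "Bearer #{data.fetch('access_token')}" },
    scope: data["scope"],
    expires_at: Time.at(data.fetch("created_at") + data.fetch("expires_in")).utc }
end
```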