# Introduction

Gofundo implements the OAuth 2.0 specification.

## Accessing the OAuth 2.0 API

When signed into the Gofundo user interface, browse to **Instellingen** > **API-koppeling**. There you will find a table of all active *(non-revoked)* API clients relevant to your current instance of Gofundo.

Click on **Nieuwe client** to create a new API client and its secret. The name is mostly for your own administration; the redirect URI is where the authentication process redirects back to, with the relevant tokens, once the user has authenticated.

Once you have created the new API client your **Client ID** can be found inside the table. The **Client Secret** can be found by hovering over the table row and pressing **Bekijk secret**.

When authenticating, the following grant types are supported: `authorization_code`, `password` and `client_credentials`.

All access tokens have an expiration of 2 weeks and refresh tokens expire after 1 hour.

All requests should contain the `Accept` header with value `application/json`.

### Authorization

Once a client has been created, developers may use their client ID and secret to request an authorization code and access token from your application.

## Requesting tokens

<mark style="color:blue;">`GET`</mark> `https://gofundo.nl/oauth/authorize`

This request will return a JSON response containing `access_token`, `refresh_token`, and `expires_in` attributes. The `expires_in` attribute contains the number of seconds until the access token expires.

#### Query Parameters

| Name           | Type   | Description                   |
| -------------- | ------ | ----------------------------- |
| scope          | string | Containing empty string: ""   |
| response\_type | string | Containing the string: "code" |
| redirect\_uri  | string | Callback URI                  |
| client\_id     | string | Client ID provided by Gofundo |

{% tabs %}
{% tab title="200 " %}

```
```

{% endtab %}

{% tab title="302 Callback URL is incorrect" %}

```
{"error":"invalid_client","error_description":"Client authentication failed","message":"Client authentication failed"}
```

{% endtab %}
{% endtabs %}

## Getting access tokens

<mark style="color:green;">`POST`</mark> `https://gofundo.nl/oauth/token`

This request will return a JSON response containing `access_token`, `refresh_token`, and `expires_in` attributes. The `expires_in` attribute contains the number of seconds until the access token expires.

#### Request Body

| Name           | Type   | Description                                     |
| -------------- | ------ | ----------------------------------------------- |
| code           | string | Code provided by /oauth/authorize redirect\_uri |
| redirect\_uri  | string | Callback URI                                    |
| client\_id     | string | Provided client ID                              |
| client\_secret | string | Provided client secret                          |
| grant\_type    | string | Containing string: "authorization\_code"        |

{% tabs %}
{% tab title="200 " %}

```
```

{% endtab %}
{% endtabs %}

## Refreshing tokens

<mark style="color:green;">`POST`</mark> `https://gofundo.nl/oauth/token`

When the `access_token` has expired you will need to refresh your `access_token` via the `refresh_token` that was provided when the access token was issued.

#### Request Body

| Name           | Type   | Description                         |
| -------------- | ------ | ----------------------------------- |
| client\_secret | string | Provided client secret              |
| client\_id     | string | Provided client ID                  |
| refresh\_token | string | Your refresh token                  |
| grant\_type    | string | Containing string: "refresh\_token" |

{% tabs %}
{% tab title="200 " %}

```
```

{% endtab %}
{% endtabs %}
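
The three requests documented above (authorize redirect, code exchange, refresh), as an added Python example that is not Gofundo's own code. It assumes the token endpoint accepts a form-encoded body as in RFC 6749; the helper names and the 60-second refresh margin are hypothetical choices made for this example.

```python
import time
import urllib.parse
import urllib.request

BASE = "https://gofundo.nl/oauth"  # endpoints as documented on this page

def authorize_url(client_id, redirect_uri):
    """URL the user's browser is sent to; uses the four documented query parameters."""
    query = urllib.parse.urlencode({
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "response_type": "code",
        "scope": "",
    })
    return f"{BASE}/authorize?{query}"

def token_request(fields):
    """POST to /oauth/token. Form encoding is an assumption (RFC 6749 default)."""
    body = urllib.parse.urlencode(fields).encode()
    return urllib.request.Request(f"{BASE}/token", data=body, method="POST",
                                  headers={"Accept": "application/json"})

def code_exchange_request(code, client_id, client_secret, redirect_uri):
    return token_request({"grant_type": "authorization_code", "code": code,
                          "redirect_uri": redirect_uri, "client_id": client_id,
                          "client_secret": client_secret})

def refresh_request(refresh_token, client_id, client_secret):
    return token_request({"grant_type": "refresh_token",
                          "refresh_token": refresh_token,
                          "client_id": client_id, "client_secret": client_secret})

def parse_token_response(payload, now=None):
    """Validate the JSON body and convert expires_in to an absolute expiry time."""
    missing = {"access_token", "refresh_token", "expires_in"} - payload.keys()
    if missing:
        raise ValueError(f"token response missing {sorted(missing)}")
    now = time.time() if now is None else now
    return {"access_token": payload["access_token"],
            "refresh_token": payload["refresh_token"],
            "expires_at": now + int(payload["expires_in"])}

def needs_refresh(token, now=None, margin=60):
    """True once the access token is within `margin` seconds of expiry."""
    now = time.time() if now is None else now
    return now >= token["expires_at"] - margin
```

The requests are built but not sent: pass one to `urllib.request.urlopen` and feed the decoded JSON body to `parse_token_response`. Load the client secret from the environment or a secret store rather than from source, since it travels in every token request.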
