Gyazo API
Register
By registering your application on the application registration page, you can issue a client_id and a client_secret. Include them in your application. You can also create an access_token from the developer page for testing.
In addition, to use the API you will need one of the following:
- Authentication by client_id
- Authentication with OAuth
Authenticating by client_id is convenient in applications because it does not require a user login. The other way is OAuth.
client_id
When making an API request that requires client_id, add the following parameter.
client_id=LKjneiuajvdafasdsadfsadfasdhfa...
Because client_id authentication does not touch user data, you can safely use it in public code.
OAuth
This API complies with OAuth 2.0. After you register your application on the developer page, you will get a client_id and a client_secret. Handle the client_secret with good security practices so that it is not available to third parties. After the user is authenticated following the procedure described below, an access_token will be issued for that user.
When using an API that requires OAuth authentication, either pass the access_token as a parameter,
access_token=slakjfdijawnfjhf9w8ufwaejwa...
or set the request header as described below.
Authorization: Bearer slakjfdijawnfjhf9w8ufwaejwa..
Flow of User Authentication
Authorize application
Use the following URL to request access to user information.
GET /oauth/authorize
parameter
Name | Required | Remarks |
---|---|---|
client_id | ✓ | |
redirect_uri | ✓ | |
response_type | ✓ | must be code |
state | | |
team | | team=* for any teams or a specific team like team=helpfeel |
When a user logs in on this page, the application is granted access to that user's Gyazo information.
When authentication is completed, the user is redirected to the redirect_uri that you specified as a parameter, and the server returns the code. With this code, you can get the user's access_token.
http://example.com/callback?code=asdklfajsdksajen...
To protect against CSRF attacks, you should use the state parameter. When you set the state parameter, code and state will be returned.
http://example.com/callback?code=asdklfajsdksajen...&state=wxyz...
Get access_token
POST /oauth/token
parameter
Name | Remarks |
---|---|
client_id | |
client_secret | |
redirect_uri | |
code | |
grant_type | must be authorization_code |
The response includes the access_token. Save it, because you need it to use the API.
HTTP/1.1 200 OK
Date: Fri, 12 Oct 2012 23:33:14 GMT
Content-Type: application/json; charset=utf-8
Status: 200 OK

{
  "access_token" : "fkjasdlfjoiwjefjwanlekfjhwalkfhal",
  "token_type" : "bearer",
  "scope" : "public"
}
Expiration date of access_token
The expiration date of the access_token is not set. As long as you are a valid user, the token will not stop working until you delete the application.