Skip to content

Apps

Your apps will need to be authenticated with XPKit before they can start calling all the available endpoints. They do this by using an OAuth 2.0 flow called client-credentials. In this flow server-side apps can exchange credentials known as client IDs and client secrets for access tokens. Apps then use a token to make authenticated requests to XPKit.

For each app you build, you decide what access (OAuth scopes) the app needs and create a corresponding OAuth application.

If you are unfamiliar with OAuth 2.0 and the authorization flows it provides, it may be helpful to read about these first. OAuth 2.0 Simplified is a good resource.

Creating a new OAuth application

  • Log into XPKit Portal
  • In the authentication section, create a new application under "Apps" and select the required permissions (OAuth scopes) the application needs. Note: you will only be able to grant the application (up to) the same permissions you have been granted

Obtaining an access token

Once you have created the OAuth 2.0 application, you will be redirected to the details page of the app in XPKit Portal. This page contains the two fields you need: client_id and client_secret.

Follow the instructions here so your app can obtain an access token using these credentials.

Updating an application's permissions

If someone changes the permissions (scopes) of the OAuth application in XPKit Portal all access tokens generated via this application will become invalid and your app will need to request a new one.