{"activeVersionTag":"latest","latestAvailableVersionTag":"latest","collection":{"info":{"_postman_id":"725393f0-c9c9-e6bd-e614-fc187f59cd99","name":"Shapeshift OAuth 2.0","description":"The ShapeShift Auth API allows partners to ask a ShapeShift user to grant 3rd party applications access to their account details. It is built on the OAuth 2.0 protocol.\nYour app can ask for specific permission scopes and will be rewarded with access tokens upon a user's approval.\nYou'll need to register your app before getting started. A registered app is assigned a unique Client ID and Client Secret which will be used in the OAuth flow. The Client Secret should not be shared.\n\nTo become an integration partner with ShapeShift and earn revenue based on your transactions generated, please open an 'Integration Approval Process' ticket [here](https://shapeshift.zendesk.com/hc/en-us/requests/new?ticket_form_id=360000126320).\n\n# The OAuth Flow\n\nShapeShift uses OAuth 2.0's authorization code grant flow to issue access tokens on behalf of users.\n\n## Step 1 - Sending users to authorize\n\nYour web or mobile app should redirect users to the following URL:\nhttps://auth.shapeshift.io/oauth/authorize\n\nThe following values should be passed as GET parameters:\n\n| Parameter       | Description                                                                           |\n| --------------- | :------------------------------------------------------------------------------------ |\n| `client_id`     | issued when you created your app (required)                                           |\n| `scope`         | permissions to request (see below) (required)                                         |\n| `response_type` | `code` Indicates that your server expects to receive an authorization code (required) |\n| `redirect_uri`  | URL to redirect back to (see below) (required)                                        |\n| `state`         | unique string to be passed back upon completion (optional)                            |\n\nThe scope parameter is a space-separated list of OAuth scopes, indicating which parts of the Shapeshift user's account you'd like your app to be able to access. We recommend asking only for the specific permissions that your application needs. If you need more permissions later, you can re-authenticate the user.\n \n \n### Scopes\n\n| OAuth Scopes | Associated API Methods |\n| ------------ | ---------------------- |\n| `users:read` | `/oauth/token/details` |\n\nThe state parameter should be used to avoid forgery attacks by passing in a value that's unique to the user you're authenticating and checking it when auth completes.\n\n## Step 2 - Users are redirected to your server with a verification code\n\nIf the user authorizes your app, ShapeShift will redirect back to your specified redirect_uri with a temporary code in a code GET parameter, as well as a state parameter if you provided one in the previous step. If the states don't match, the request may have been created by a third party and you should abort the process.\n\n## Step 3 - Exchanging a verification code for an access token\n\nThese access tokens are also known as bearer tokens. See token types for an overview of all the kinds of tokens involved in the Shapeshift platform.\n\nWhen the user approves access for your application, ShapeShift will redirect them back to your `redirect_uri` with a `code` parameter. This temporary code can be exchanged for an access token using the `https://auth.shapeshift.io/oauth/token` endpoint.\n\nNote: If the user denies access for your application, they will still be redirected back to the `redirect_uri`.\n\n| HEADERS       |                                      |\n| ------------- | :----------------------------------- |\n| Content-Type  | application/json                     |\n| Authorization | Basic Auth (clientId + clientSecret) |\n\nWith the following parameters\n\n| Parameters   | Description                               |\n| ------------ | :---------------------------------------- |\n| `code`       | a temporary authorization code (required) |\n| `grant_type` | `authorization_code` (required)           |\n\nExample response:\n\n```\n{\n    \"access_token\": \"NjliNmE0NzEtZmVjMS00OTlhLTgyNTctM2Q5ODMyZDQ1NWE2OkRlbGxkdWRlODk=\",\n    \"scope\": \"\"\n}\n```\n\n\n## Step 4 - Make an API call\n\nYou can then use this token to call API methods on behalf of the user. The token will continue functioning until the user revokes the token.\n\n# Authentication\n\nAuthenticate your Web API requests by providing a bearer token, which identifies a single user, bot user, or applications relationship.\n\nRegister your application with Shapeshift to obtain credentials for use with our OAuth 2.0 implementation, which allows you to negotiate tokens on behalf of users and applications.\n\nWe require a bearer token to be sent in the Authorization HTTP header of your outbound requests.\n\n```\nTreat tokens with care. Never share tokens with other users or applications. Do not publish tokens in public code repositories. [Review token safety tips]().\n```\n\n# Sign in with ShapeShift\n\nLet users sign in to your product using ShapeShift.\nIt's fast, simple, and secure\n\n![sign-in-with-shapeshift](https://auth.shapeshift.io/public/images/sign-in-with-shapeshift-blue@1x.png 'Sign in with ShapeShift')\n\n```\n<a href=\"https://auth.shapeshift.io/oauth/authorize?response_type=code&scope=users:read&client_id=your_client_id&redirect_uri=your_redirect_uri\"><img src=\"https://auth.shapeshift.io/public/images/sign-in-with-shapeshift-blue@1x.png\"/></a>\n```\n\nSign in with ShapeShift extends our existing OAuth 2.0 application approval flow to simplify logging users into your application.\nIt's simple. The button is easy for users to understand, and integration is easy.\nIt's fast. ShapeShift members can log in with existing credentials without extra steps.\nIt pays off. ShapeShift members get perks on their transactions when they log in.\n\n<!-- [ code example of how to configure your own button ] -->","schema":"https://schema.getpostman.com/json/collection/v2.0.0/collection.json","isPublicCollection":false,"owner":"44077","team":10566341,"collectionId":"725393f0-c9c9-e6bd-e614-fc187f59cd99","publishedId":"716cFNs","public":true,"publicUrl":"https://documenter-api.postman.tech/view/44077/716cFNs","privateUrl":"https://go.postman.co/documentation/44077-725393f0-c9c9-e6bd-e614-fc187f59cd99","customColor":{"top-bar":"FFFFFF","right-sidebar":"1D2635","highlight":"5376A0"},"documentationLayout":"classic-double-column","version":"8.10.1","publishDate":"2018-10-08T16:27:19.000Z","activeVersionTag":"latest","documentationTheme":"light","metaTags":{},"logos":{}},"statusCode":200},"environments":[{"name":"ShapeShift","id":"f73c6a82-ae8a-4221-889f-4135eabb6e25","owner":"44077","values":[{"key":"host","value":"auth.shapeshift.io","enabled":true},{"key":"protocol","value":"https","enabled":true}],"published":true}],"user":{"authenticated":false,"permissions":{"publish":false}},"run":{"button":{"js":"https://run.pstmn.io/button.js","css":"https://run.pstmn.io/button.css"}},"web":"https://www.getpostman.com/","team":{"logo":"https://res.cloudinary.com/postman/image/upload/t_team_logo_pubdoc/v1/team/768118b36f06c94b0306958b980558e6915839447e859fe16906e29d683976f0","favicon":""},"isEnvFetchError":false,"languages":"[{\"key\":\"csharp\",\"label\":\"C#\",\"variant\":\"HttpClient\"},{\"key\":\"csharp\",\"label\":\"C#\",\"variant\":\"RestSharp\"},{\"key\":\"curl\",\"label\":\"cURL\",\"variant\":\"cURL\"},{\"key\":\"dart\",\"label\":\"Dart\",\"variant\":\"http\"},{\"key\":\"go\",\"label\":\"Go\",\"variant\":\"Native\"},{\"key\":\"http\",\"label\":\"HTTP\",\"variant\":\"HTTP\"},{\"key\":\"java\",\"label\":\"Java\",\"variant\":\"OkHttp\"},{\"key\":\"java\",\"label\":\"Java\",\"variant\":\"Unirest\"},{\"key\":\"javascript\",\"label\":\"JavaScript\",\"variant\":\"Fetch\"},{\"key\":\"javascript\",\"label\":\"JavaScript\",\"variant\":\"jQuery\"},{\"key\":\"javascript\",\"label\":\"JavaScript\",\"variant\":\"XHR\"},{\"key\":\"c\",\"label\":\"C\",\"variant\":\"libcurl\"},{\"key\":\"nodejs\",\"label\":\"NodeJs\",\"variant\":\"Axios\"},{\"key\":\"nodejs\",\"label\":\"NodeJs\",\"variant\":\"Native\"},{\"key\":\"nodejs\",\"label\":\"NodeJs\",\"variant\":\"Request\"},{\"key\":\"nodejs\",\"label\":\"NodeJs\",\"variant\":\"Unirest\"},{\"key\":\"objective-c\",\"label\":\"Objective-C\",\"variant\":\"NSURLSession\"},{\"key\":\"ocaml\",\"label\":\"OCaml\",\"variant\":\"Cohttp\"},{\"key\":\"php\",\"label\":\"PHP\",\"variant\":\"cURL\"},{\"key\":\"php\",\"label\":\"PHP\",\"variant\":\"Guzzle\"},{\"key\":\"php\",\"label\":\"PHP\",\"variant\":\"HTTP_Request2\"},{\"key\":\"php\",\"label\":\"PHP\",\"variant\":\"pecl_http\"},{\"key\":\"powershell\",\"label\":\"PowerShell\",\"variant\":\"RestMethod\"},{\"key\":\"python\",\"label\":\"Python\",\"variant\":\"http.client\"},{\"key\":\"python\",\"label\":\"Python\",\"variant\":\"Requests\"},{\"key\":\"r\",\"label\":\"R\",\"variant\":\"httr\"},{\"key\":\"r\",\"label\":\"R\",\"variant\":\"RCurl\"},{\"key\":\"ruby\",\"label\":\"Ruby\",\"variant\":\"Net::HTTP\"},{\"key\":\"shell\",\"label\":\"Shell\",\"variant\":\"Httpie\"},{\"key\":\"shell\",\"label\":\"Shell\",\"variant\":\"wget\"},{\"key\":\"swift\",\"label\":\"Swift\",\"variant\":\"URLSession\"}]","languageSettings":[{"key":"csharp","label":"C#","variant":"HttpClient"},{"key":"csharp","label":"C#","variant":"RestSharp"},{"key":"curl","label":"cURL","variant":"cURL"},{"key":"dart","label":"Dart","variant":"http"},{"key":"go","label":"Go","variant":"Native"},{"key":"http","label":"HTTP","variant":"HTTP"},{"key":"java","label":"Java","variant":"OkHttp"},{"key":"java","label":"Java","variant":"Unirest"},{"key":"javascript","label":"JavaScript","variant":"Fetch"},{"key":"javascript","label":"JavaScript","variant":"jQuery"},{"key":"javascript","label":"JavaScript","variant":"XHR"},{"key":"c","label":"C","variant":"libcurl"},{"key":"nodejs","label":"NodeJs","variant":"Axios"},{"key":"nodejs","label":"NodeJs","variant":"Native"},{"key":"nodejs","label":"NodeJs","variant":"Request"},{"key":"nodejs","label":"NodeJs","variant":"Unirest"},{"key":"objective-c","label":"Objective-C","variant":"NSURLSession"},{"key":"ocaml","label":"OCaml","variant":"Cohttp"},{"key":"php","label":"PHP","variant":"cURL"},{"key":"php","label":"PHP","variant":"Guzzle"},{"key":"php","label":"PHP","variant":"HTTP_Request2"},{"key":"php","label":"PHP","variant":"pecl_http"},{"key":"powershell","label":"PowerShell","variant":"RestMethod"},{"key":"python","label":"Python","variant":"http.client"},{"key":"python","label":"Python","variant":"Requests"},{"key":"r","label":"R","variant":"httr"},{"key":"r","label":"R","variant":"RCurl"},{"key":"ruby","label":"Ruby","variant":"Net::HTTP"},{"key":"shell","label":"Shell","variant":"Httpie"},{"key":"shell","label":"Shell","variant":"wget"},{"key":"swift","label":"Swift","variant":"URLSession"}],"languageOptions":[{"label":"C# - HttpClient","value":"csharp - HttpClient - C#"},{"label":"C# - RestSharp","value":"csharp - RestSharp - C#"},{"label":"cURL - cURL","value":"curl - cURL - cURL"},{"label":"Dart - http","value":"dart - http - Dart"},{"label":"Go - Native","value":"go - Native - Go"},{"label":"HTTP - HTTP","value":"http - HTTP - HTTP"},{"label":"Java - OkHttp","value":"java - OkHttp - Java"},{"label":"Java - Unirest","value":"java - Unirest - Java"},{"label":"JavaScript - Fetch","value":"javascript - Fetch - JavaScript"},{"label":"JavaScript - jQuery","value":"javascript - jQuery - JavaScript"},{"label":"JavaScript - XHR","value":"javascript - XHR - JavaScript"},{"label":"C - libcurl","value":"c - libcurl - C"},{"label":"NodeJs - Axios","value":"nodejs - Axios - NodeJs"},{"label":"NodeJs - Native","value":"nodejs - Native - NodeJs"},{"label":"NodeJs - Request","value":"nodejs - Request - NodeJs"},{"label":"NodeJs - Unirest","value":"nodejs - Unirest - NodeJs"},{"label":"Objective-C - NSURLSession","value":"objective-c - NSURLSession - Objective-C"},{"label":"OCaml - Cohttp","value":"ocaml - Cohttp - OCaml"},{"label":"PHP - cURL","value":"php - cURL - PHP"},{"label":"PHP - Guzzle","value":"php - Guzzle - PHP"},{"label":"PHP - HTTP_Request2","value":"php - HTTP_Request2 - PHP"},{"label":"PHP - pecl_http","value":"php - pecl_http - PHP"},{"label":"PowerShell - RestMethod","value":"powershell - RestMethod - PowerShell"},{"label":"Python - http.client","value":"python - http.client - Python"},{"label":"Python - Requests","value":"python - Requests - Python"},{"label":"R - httr","value":"r - httr - R"},{"label":"R - RCurl","value":"r - RCurl - R"},{"label":"Ruby - Net::HTTP","value":"ruby - Net::HTTP - Ruby"},{"label":"Shell - Httpie","value":"shell - Httpie - Shell"},{"label":"Shell - wget","value":"shell - wget - Shell"},{"label":"Swift - URLSession","value":"swift - URLSession - Swift"}],"layoutOptions":[{"value":"classic-single-column","label":"Single Column"},{"value":"classic-double-column","label":"Double Column"}],"versionOptions":[],"environmentOptions":[{"value":"0","label":"No Environment"},{"label":"ShapeShift","value":"44077-f73c6a82-ae8a-4221-889f-4135eabb6e25"}],"canonicalUrl":"https://documenter.gw.postman.com/view/metadata/716cFNs"}