OAuth 2 (status: Alpha)

Prerequisite

To use this guide, first email our support team to have the API option turned on for you. 

First Steps

To use the Small Improvements API, you need to be logged in. If you develop a service that should connect to SI on behalf of a user, then requesting and storing their SI passwords on your own server isn't a great idea. Enter OAuth. You can obtain an OAuth token that you can save on your service, without needing access to the SI user's password from then onwards.

To obtain an OAuth token, you will need to log in into SI once. We don't yet support the official OAuth workflow for passing the user back and forth between websites, so you'll need to obtain the user's username and password for Small Improvements, log in into Small Improvements with those credentials, and request the OAuth token as described below. Then you can safely forget about the SI password, and you can still access SI on behalf of that user.

 

Requesting the token

Requesting an access token for a user of your app. Note that you need to be logged in into SI to obtain the token!

POST https://www.small-improvements.com/api/oauth2/token (if on US server)
POST https://eu.small-improvements.com/api/oauth2/token (if on EU server)

Headers

 

Authorization Basic Base64Encoded(client_id:client_secret)
  You'll find your client_id and client_secret on the Security Settings within the Small Improvements Administration page.
  User-Agent  Your app name, for instance 'small_improvements_bot_app'

 

Parameters (Content-Type: application/x-www-form-urlencoded)

grant_type password
username { username }
password  { password }

 

Request

$ curl -X POST "https://www.small-improvements.com/api/oauth2/token"
 -H 'Content-Type: application/x-www-form-urlencoded'
 -H 'Authorization: Basic `echo -n "CLIENT_ID:CLIENT_SECRET" | base64`'
 -H 'User-Agent: small_improvements_bot_app'
 -d 'grant_type=password&username=LOGIN_NAME&password=PASSWORD'


Response

{
"access_token": "ACCESS_TOKEN",
 "scope": "global",
 "token_type": "bearer"
}

 

After receiving a token, you can now use the token to access the API.

For example:

$ curl -H 'Authorization: Bearer ACCESS_TOKEN' https://www.small-improvements.com/api/v2/users/me -I
HTTP/1.1 200 OK
Did this answer your question? Thanks for the feedback There was a problem submitting your feedback. Please try again later.

Still need help? Contact Us Contact Us