o_auth_api = client.o_auth
OAuthApi
Revokes an access token generated with the OAuth flow.
If an account has more than one OAuth access token for your application, this endpoint revokes all of them, regardless of which token you specify.
Important: The Authorization
header for this endpoint must have the
following format:
Authorization: Client APPLICATION_SECRET
Replace APPLICATION_SECRET
with the application secret on the OAuth
page for your application in the Developer Dashboard.
ℹ️ Note This endpoint does not require authentication.
def revoke_token(body:,
authorization:)
Parameter | Type | Tags | Description |
---|---|---|---|
body |
Revoke Token Request Hash |
Body, Required | An object containing the fields to POST for the request. See the corresponding object definition for field details. |
authorization |
String |
Header, Required | Client APPLICATION_SECRET |
This method returns a ApiResponse
instance. The data
property in this instance returns the response data which is of type Revoke Token Response Hash
.
body = {
:client_id => 'CLIENT_ID',
:access_token => 'ACCESS_TOKEN'
}
authorization = 'Client CLIENT_SECRET'
result = o_auth_api.revoke_token(
body: body,
authorization: authorization
)
if result.success?
puts result.data
elsif result.error?
warn result.errors
end
Returns an OAuth access token and a refresh token unless the
short_lived
parameter is set to true
, in which case the endpoint
returns only an access token.
The grant_type
parameter specifies the type of OAuth request. If
grant_type
is authorization_code
, you must include the authorization
code you received when a seller granted you authorization. If grant_type
is refresh_token
, you must provide a valid refresh token. If you're using
an old version of the Square APIs (prior to March 13, 2019), grant_type
can be migration_token
and you must provide a valid migration token.
You can use the scopes
parameter to limit the set of permissions granted
to the access token and refresh token. You can use the short_lived
parameter
to create an access token that expires in 24 hours.
Note: OAuth tokens should be encrypted and stored on a secure server. Application clients should never interact directly with OAuth tokens.
ℹ️ Note This endpoint does not require authentication.
def obtain_token(body:)
Parameter | Type | Tags | Description |
---|---|---|---|
body |
Obtain Token Request Hash |
Body, Required | An object containing the fields to POST for the request. See the corresponding object definition for field details. |
This method returns a ApiResponse
instance. The data
property in this instance returns the response data which is of type Obtain Token Response Hash
.
body = {
:client_id => 'APPLICATION_ID',
:grant_type => 'authorization_code',
:client_secret => 'APPLICATION_SECRET',
:code => 'CODE_FROM_AUTHORIZE'
}
result = o_auth_api.obtain_token(body: body)
if result.success?
puts result.data
elsif result.error?
warn result.errors
end
Returns information about an OAuth access token or an application’s personal access token.
Add the access token to the Authorization header of the request.
Important: The Authorization
header you provide to this endpoint must have the following format:
Authorization: Bearer ACCESS_TOKEN
where ACCESS_TOKEN
is a
valid production authorization credential.
If the access token is expired or not a valid access token, the endpoint returns an UNAUTHORIZED
error.
def retrieve_token_status
This method returns a ApiResponse
instance. The data
property in this instance returns the response data which is of type Retrieve Token Status Response Hash
.
result = o_auth_api.retrieve_token_status
if result.success?
puts result.data
elsif result.error?
warn result.errors
end