Authorization URLs

Authorization URLs direct your users to WAX All Access (from a browser). Your customers can create a new account or sign in, then use this URL to grant your app access to various OAuth Scopes.

The Authorization URL includes the following parameters:

Parameter Example Description
client_id client_id=xxxx999x9999 Required. The client_id for your app.
response_type &response_type=code Required. code (the literal string code)
state &state=1234567 Required. A random value that you've generated and stored securely (either in client memory for apps that run on a client device or in a server-side session for apps that run on a server).
duration &duration=permanent Optional. Only use duration=permanent for one-time "Link your Account with WAX" requests. Access can be revoked by the user on their account page. Omit for signing in users. Refer to OAuth Token Duration for more information.
mobile &mobile=1 The literal string 1. Include this if you're prompting the user in a mobile or embedded environment; this removes the navigation bar from the authorization page.
scope &scope=identity+items A space-separated list of OAuth Scopes that you're requesting access to. If omitted, defaults to only identity_basic.

Create Your URL

To create your Authorization URL:

  1. Choose your environment (Sandbox or Production).

    Environment Link
    Sandbox https://oauth.wax-sandbox.com/v1/authorize
    Production https://oauth.opskins.com/v1/authorize
  2. Determine your token duration (permanent or one-time sign in). Refer to OAuth Token Duration for more information.

  3. Choose your OAuth Scopes.

Note: You can't use your Sandbox client credentials in Production. When you're ready to go live, you'll need to repeat these steps using the Production endpoint.

Authorization URL Example

https://oauth.wax-sandbox.com/v1/authorize?client_id=xxxx999x9999&state=1234567&duration=permanent&scope=identity+items&response_type=code

If your Authorization client_id is invalid, the following message displays to your users:

OAuth client not found

Now that you’ve created your Authorization URL, it’s time to handle the redirect_uri query string and exchange your Authorization code for a Bearer Token.