Tilkee uses the standard OAuth 2.0 protocol to authenticate users. Through the authentication endpoint, our API provides an access token that you use in the headers of your subsequent API calls. The API also provides a refresh_token, which can be used to get a new access token when the previous one has expired.
We handle 3 kinds of authentication:
- Using your user's credentials (grant_type set as 'password')
- Using your refresh token (grant_type set as 'refresh_token')
- Using Authorization Code Grant (with client ID & secret).
In order to properly follow the OAuth 2.0 guidelines, you must use the user credentials for the first authentication or if your previous refresh_token has expired. In all other cases, you must use the refresh_token authentication.
Provided access tokens are valid for the next 12h.
If needed, you can revoke a refresh_token, so the user will be forced to use his credentials to re-authenticate himself.
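The grant-selection rule above can be sketched as a small client-side state machine. This is an added example, not Tilkee's own code: it makes no network calls and only builds the token request body, and the `Bearer` header scheme, the RFC 6749 field names and `invalid_grant` error code, and the 60-second safety margin are assumptions not stated on this page.

```python
from dataclasses import dataclass
from typing import Optional

ACCESS_TOKEN_TTL = 12 * 3600  # from the page: access tokens are valid for 12h
SKEW = 60                     # assumption: renew one minute early to absorb clock drift


@dataclass
class TokenState:
    access_token: Optional[str] = None
    issued_at: float = 0.0
    refresh_token: Optional[str] = None


def next_step(state, now, username=None, password=None):
    """Return ("reuse", headers) or ("request", form_body) for the token endpoint."""
    if state.access_token and now < state.issued_at + ACCESS_TOKEN_TTL - SKEW:
        # Assumption: the access token is sent as a standard Bearer token.
        return "reuse", {"Authorization": f"Bearer {state.access_token}"}
    if state.refresh_token:
        # Normal case once authenticated: never resend the user's password.
        return "request", {"grant_type": "refresh_token",
                           "refresh_token": state.refresh_token}
    if username is None or password is None:
        raise ValueError("credentials required: no usable refresh token")
    # First authentication, or the refresh token has expired or was revoked.
    return "request", {"grant_type": "password",
                       "username": username, "password": password}


def apply_response(state, status, body, now):
    """Update state from a token response (field names per RFC 6749, assumed)."""
    if status == 200:
        state.access_token = body["access_token"]
        state.issued_at = now
        # Keep the old refresh token if the server did not issue a new one.
        state.refresh_token = body.get("refresh_token", state.refresh_token)
    elif body.get("error") == "invalid_grant":
        # Expired or revoked refresh token: discard both, forcing the password grant.
        state.access_token = None
        state.refresh_token = None
    return state
```

Because the password is only passed in when `next_step` needs it, the client never has to keep it in memory or on disk between authentications.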