Authentication

All of our APIs use OAuth 2.0 for authentication. To make API requests you will need a valid access token.
The Authorization Code grant type is the most common OAuth 2.0 flow because it is optimized for web server apps. Web apps are written in a server-side language and run on a server where the source code of the application is not available to the public, so the confidentiality of the Client Secret can be maintained. This is a redirection-based flow which requires interaction with the resource owner's user-agent (i.e. the user's web browser). It implements 3-Legged OAuth and involves the user granting the client an authorization code, which can be exchanged for an Access Token.

Step 1: Request the authorization code

When a user first tries to perform an action that requires API authentication, you need to direct the user to the authorization server at https://api.optimalresume.com/oauth/authorize.
The table below identifies the request parameters that you need to (or can) include in the URL. Note that the request URI that you construct must contain properly URL-escaped parameter values.
| Parameter | Required | Type | Description |
| --- | --- | --- | --- |
| client_id | required | string | The OAuth 2.0 client ID for your application. The value is displayed on my apps page. |
| redirect_uri | required | string | A registered redirect_uri for your client ID. Make sure you enter valid redirect URIs for your application. |
| response_type | required | string | Specifies that your application is requesting an authorization code grant. Set the parameter's value to code. |
| state | required | string | A string that your application uses to maintain state between the request and redirect response. This parameter can be used for preventing cross-site request forgery. |
| scope | optional | string | Specifies the resources that your application could access on the user's behalf. It determines which permissions are listed on the consent page that OptimalResume displays to the user. |

https://api.optimalresume.com/oauth/authorize?response_type=code&client_id={CLIENT_ID}
&redirect_uri={REDIRECT_URI}&state={STATE}

Step 2: User authorizes application

In this step, the user decides whether to grant your application the ability to make API requests that are authorized as the user. OptimalResume's authorization server displays the name of your application and the services that it is requesting permission to access on the resource owner's behalf. The user can then consent or refuse to grant access to your application.

Step 3: Application receives authorization code

If the user granted access to your application, the authorization server redirects the user-agent back to the application redirect URI, which was specified during the client registration, along with an authorization_code and the state parameter.

{REDIRECT_URI}?authorization_code={AUTHORIZATION_CODE}&state={STATE}

If the user refused to grant access to your application, the authorization server redirects the user-agent back to the application redirect URI along with an error parameter error=access_denied.

{REDIRECT_URI}?error=access_denied&error_description=The+user+denied+access+to+your+application
&state={STATE}

Step 4: Exchange authorization code for tokens

Assuming the user has granted access to your application, exchange the authorization code obtained in step 3 for a refresh token and access token.
We can request the access token by sending a POST request to the authorization server, passing the client_id, the client_secret, and the redirect_uri as shown below. The server then validates the authorization code and verifies that the redirect_uri is the same as it was in the earlier step. If successful, the server responds with an access token and a refresh token.
NOTE: You have 30 seconds to request the access token starting from the time that you get the authorization_code.

SAMPLE REQUEST

POST https://api.optimalresume.com/oauth HTTP/1.1
Accept: application/json
Content-Type: application/json

{
    "redirect_uri": "{REDIRECT_URI}",
    "client_id": "CLIENT_ID",
    "client_secret": "CLIENT_SECRET",
    "code": "AUTHORIZATION_CODE",
    "grant_type": "authorization_code"
}


curl -X POST https://api.optimalresume.com/oauth \
-H "Accept: application/json" \
-u "CLIENT_ID:CLIENT_SECRET" \
-d "grant_type=authorization_code&code=AUTHORIZATION_CODE&redirect_uri=REDIRECT_URI"

SAMPLE RESPONSE


{
    "access_token": "61e7ab831ede2641cb43b0a9c5a826b02e962a13c1",
    "expires_in": 36000,
    "token_type": "Bearer",
    "scope": null,
    "refresh_token": "494cc8b3fcc12d52581ff5a230de170f0ed23eb2"
}

GENERATE ACCESS TOKEN

| Parameter | Required | Type | Description |
| --- | --- | --- | --- |
| code | required | string | The authorization code returned to your redirect_uri in step 3. You have 30 seconds to request the access token starting from the time that you get the authorization_code. |
| client_id | required | string | The OAuth 2.0 client ID for your application. The value is displayed on my apps page. |
| client_secret | required | string | The client secret associated with your client ID. The value is displayed on my apps page. |
| redirect_uri | required | string | A registered redirect_uri for your client ID. Make sure you enter valid redirect URIs for your application. |
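
The client side of steps 1, 3 and 4, as an added example that is not OptimalResume's own code: it generates an unguessable state, verifies it on the redirect before reading the code or error, and builds the step 4 request body only while the 30-second window is open. The function names and CallbackError are hypothetical, and it assumes state is kept in the user's server-side session between step 1 and step 3.

```python
import hmac
import secrets
import time
from urllib.parse import parse_qs, urlencode, urlsplit

# Hypothetical helper names; endpoint and parameter names are the ones on this page.
AUTHORIZE_URL = "https://api.optimalresume.com/oauth/authorize"
CODE_LIFETIME_SECONDS = 30  # window for redeeming authorization_code


class CallbackError(Exception):
    """The redirect received at redirect_uri must not be acted on."""


def build_authorize_url(client_id, redirect_uri, scope=None):
    """Step 1: return (url, state). Keep state in the user's server-side session."""
    state = secrets.token_urlsafe(32)  # unguessable, new for every attempt
    params = {"response_type": "code", "client_id": client_id,
              "redirect_uri": redirect_uri, "state": state}
    if scope:
        params["scope"] = scope
    return AUTHORIZE_URL + "?" + urlencode(params), state  # urlencode escapes values


def parse_callback(callback_url, expected_state):
    """Step 3: verify state, surface errors, return the authorization code."""
    query = parse_qs(urlsplit(callback_url).query)
    states = query.get("state", [])
    # Verify state before reading anything else, using a constant-time compare.
    if len(states) != 1 or not expected_state or not hmac.compare_digest(
            states[0].encode(), expected_state.encode()):
        raise CallbackError("state mismatch")
    if "error" in query:
        raise CallbackError(query["error"][0])
    codes = query.get("authorization_code", [])
    if len(codes) != 1:
        raise CallbackError("missing or repeated authorization_code")
    return codes[0]


def build_token_request(code, received_at, client_id, client_secret,
                        redirect_uri, now=None):
    """Step 4: JSON body for the POST, refused if the code is past 30 seconds."""
    now = time.time() if now is None else now
    if now - received_at > CODE_LIFETIME_SECONDS:
        raise CallbackError("authorization code expired; restart at step 1")
    return {"grant_type": "authorization_code", "code": code,
            "client_id": client_id, "client_secret": client_secret,
            "redirect_uri": redirect_uri}
```

Discard the stored state after one use so a replayed callback fails the check, and keep client_secret on the server only.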