Authentication

All of our APIs use OAuth 2.0 for authentication. To make API requests you will need a valid access token.
The Implicit Grant Type is intended for Browser-based or Mobile apps. Browser-based apps run entirely in the browser (JavaScript applications) after loading the source code from a web page. Since the entire source code is available to the browser, they cannot maintain the confidentiality of their client secret, so the secret is not used in this case. Not usable from inside a server language like PHP.
This is similar to the Authorization Code Grant Type but rather than an authorization code being returned from the authorization request, an access token is returned to the client. This is because for JS apps an authorization_code grant makes no sense, since the client_secret would be exposed to the user. This is most common for client-side devices (i.e. mobile) where the client credentials cannot be stored securely.

Step 1: Request the authorization token

When a user first tries to perform an action that requires API authentication, you need to direct the user to the authorization server at https://api.optimalresume.com/oauth/authorize.
The table below identifies the request parameters that you need to (or can) include in the URL. Note that the request URI that you construct must contain properly URL-escaped parameter values.
Parameter Type Description
client_id
required
string The OAuth 2.0 client ID for your application. The value is displayed on my apps page
redirect_uri
required
string A registered redirect_uri for your client ID. Make sure you enter valid redirect URIs for your application.
response_type
required
string Specifies that your application is requesting an authorization code grant. Set the parameter's value to token.
state
required
string A string that your application uses to maintain state between the request and redirect response. This parameter can be used for preventing cross-site request forgery.
scope
optional
string Specifies the resources that your application could access on the user's behalf. It determines which permissions are listed on the consent page that OptimalResume displays to the user.

https://api.optimalresume.com/oauth/authorize?response_type=token&client_id={CLIENT_ID}
&redirect_uri={REDIRECT_URI}&state={STATE}

Step 2: User authorizes application

In this step, the user decides whether to grant your application the ability to make API requests that are authorized as the user. OptimalResume's authorization server displays the name of your application and the services that it is requesting permission to access on the resource owner's behalf. The user can then consent or refuse to grant access to your application.

Step 3: Application receives access token

If the user granted access to your application, the authorization server redirects the user-agent back to the application redirect URI, which was specified during the client registration, along with access token using a URI fragment identifier (#access_token).

{REDIRECT_URI}#access_token

If the user refused to grant access to your application, the authorization server redirects the user-agent back to the application redirect URI along with an error parameter error=access_denied.

{REDIRECT_URI}?error=access_denied&error_description=The+user+denied+access+to+your+application
&state={STATE}