Authorising Requests

GetCandy uses Passport for authentication and when you make queries to your API you will need to add an authorisation header:

authorization: Bearer <access_token>

Client Authentication

POST /oauth/token
200: OK
{
    "token_type": "Bearer",
    "expires_in": 3600,
    "access_token": "eyJ0eXAiOiJKV1QiLCJhbGc..."
}

User Authentication

POST /oauth/token
200: OK
{
    "token_type": "Bearer",
    "expires_in": 3600,
    "access_token": "eyJ0eXAiOiJKV1QiL...",
    "refresh_token": "def502006255cdb..."
}

CONTENTS