Tapt API for OAuth applications

Authentication

Endpoint: https://api.cards.tapt.io

OAuth2 authentication and authorization endpoints


POST https://api.cards.tapt.io/oauth/authorize/consent

Processes the user's consent decision for an authorization request. This endpoint is typically called after the user has logged in and granted access to the requested scopes. The response will redirect the user back to the client application with the appropriate authorization code or error.

Authorize Consent Request Body

  • client_id string · required

    The client ID of the application requesting authorization.

  • redirect_uri string · uri · required

    The URI to redirect the user to after consent.

  • scope string · required

    Requested scopes.

  • state string · required

    An opaque value used by the client to maintain state.

  • response_type string

    Expected response type (e.g. "code").

Authorize Consent Responses

    No schema specified

Authenticate

POST https://api.cards.tapt.io/oauth/token

Exchanges an authorization grant (e.g., authorization code, client credentials, refresh token) for an access token.

Authenticate Request Body

  • grant_type string · enum · required

    The grant type. Determines the set of other required parameters. Supported values include:

    • authorization_code: For exchanging an authorization code for an access token.
    • refresh_token: For obtaining a new access token using a refresh token.
    • client_credentials: For client authentication directly (if supported by the server).
    Enum values:
    authorization_code
    refresh_token
    client_credentials
  • client_id string

    Your application's client ID. Required for authorization_code and client_credentials grants. May be required for refresh_token grant if the server enforces client authentication for refresh tokens.

  • client_secret string

    Your application's client secret. Required for authorization_code and client_credentials grants if the client is confidential. May be required for refresh_token grant if the server enforces client authentication for refresh tokens with confidential clients.

  • code string

    The authorization code received from the authorization server. Required if grant_type is authorization_code.

  • redirect_uri string · uri

    The redirect URI that was used in the initial authorization request to obtain the code. Required if grant_type is authorization_code. Must match the URI used in the authorization request.

  • refresh_token string

    The refresh token issued to the client. Required if grant_type is refresh_token.

  • scope string

    Optional. The requested scope(s) for the access token. Space-separated list of scope values. The requested scope must not include any scope not originally granted by the resource owner. Primarily used with client_credentials grant but can sometimes be used with other grants.

Authenticate Responses

    • access_token string

      The access token string.

    • token_type string

      Type of the token issued (e.g., "Bearer").

    • expires_in integer

      The lifetime in seconds of the access token.

    • refresh_token string

      The refresh token, which can be used to obtain new access tokens. (Optional)

    • scope string

      The scope of the access token. (Optional)
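
An added example (not Tapt's own code) of the client side of the authorization_code grant described above: it checks the state value on the redirect before accepting the code, then assembles the /oauth/token parameters with the same redirect_uri. The callback query names code, state and error follow standard OAuth 2.0 and are assumptions here, as are the function names and the constructed sample values; the page does not state how the request body is encoded, so the parameters are returned as a dict.

```python
import hmac
import secrets
from urllib.parse import urlsplit, parse_qs

TOKEN_URL = "https://api.cards.tapt.io/oauth/token"  # endpoint + path from this page


def new_state() -> str:
    """Unguessable per-request state value; store it in the user's session."""
    return secrets.token_urlsafe(32)


def code_from_callback(callback_url: str, expected_state: str) -> str:
    """Return the authorization code from the redirect, or raise ValueError."""
    query = parse_qs(urlsplit(callback_url).query)
    # Reject duplicated parameters rather than silently picking one of them.
    for name in ("state", "code", "error"):
        if len(query.get(name, [])) > 1:
            raise ValueError(f"duplicate {name} parameter")
    state = query.get("state", [""])[0]
    # Verify state first, in constant time, before trusting code or error.
    if not expected_state or not hmac.compare_digest(
        state.encode(), expected_state.encode()
    ):
        raise ValueError("state mismatch")
    if "error" in query:
        raise ValueError("authorization failed: " + query["error"][0])
    code = query.get("code", [""])[0]
    if not code:
        raise ValueError("no authorization code in callback")
    return code


def token_request_params(code, client_id, client_secret, redirect_uri) -> dict:
    """Parameters for POST /oauth/token with grant_type=authorization_code."""
    return {
        "grant_type": "authorization_code",
        "code": code,
        "client_id": client_id,
        "client_secret": client_secret,
        # Must be the same URI that was sent in the authorization request.
        "redirect_uri": redirect_uri,
    }
```

Keep client_secret on the server side only, and discard the stored state after one use so a replayed callback fails the check.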


Get Organisation Information

GET https://api.cards.tapt.io/oauth/me

Retrieves information about the currently authenticated resource owner (organisation).

Get Organisation Information Responses

    • name string

      Organisation name.