Using the API
Adding authentication to your project with the Basic API
For built-in local-first benefits like offline and multiplayer support, please use the Basic SDK
Summary
- The user beings the flow by clicking a “Sign in with Basic” button in your app
- User is redirected to a login page
- The user can login with Basic.id which grants them permissions to your app
- Basic.id redirects the user back to your app with an authorization code
- Your app can exchange the authorization code for access and refresh tokens. With the access token, you can make database requests and keep the user logged in. If the access token expires, you can use the refresh token to get a new access token
With this, you’ll be ready to access the user’s database!
Authentication with API
Basic uses OAuth 2.0 for authentication. For more details, read about Basic Auth.
Redirect user to /authorize
Create a button that redirects the user to the Basic Auth page, with the following required parameters (more info on required parameters):
client_id='YOUR_CLIENT_ID'
redirect_uri='YOUR_REDIRECT_URI'
response_type=code
scope=profile
state='YOUR_STATE'
Redirect URL template: https://api.basic.tech/auth/authorize?response_type=code&redirect_uri=YOUR_REDIRECT_URI&scope=profile&state=YOUR_STATE&client_id=YOUR_CLIENT_ID
Make sure to replace YOUR_CLIENT_ID
, YOUR_REDIRECT_URI
, YOUR_STATE
with your own values
User grants access and is redirected back to your app with an authorization code
The authorization code will be in the URL as a code
query parameter.
For example:
https://your-app.com/callback?code=1234567890
.
You need to extract the code from the URL and use it in the next step.
Exchange the authorization code for an access token and a refresh code
Make a post request to /token
with the authorization code in the body. The response will be a JSON object with the access token and a refresh code.
Token URL template:
https://api.basic.tech/token
Make sure to replace YOUR_CODE
with your own values
Using the access token and refresh code
The access token is used to make requests to the API as part of the request header (e.g., Authorization: Bearer 'YOUR_ACCESS_TOKEN'
), and the refresh code is used to get a new access token when the current access token expires.
Basic access tokens expire after 1 hour
Using the database
You can use the REST API to read and write to the user’s database. Checkout the API Reference to get started. Before making any requests, you should validate that the access token is not expired.