Authorization Code Flow
Use for: Web Applications
The following process describes how to obtain a user's authorization to interact with the Loom AI API on the user's behalf using the OAuth2 Authorization Code Flow.
1. User Authentication & Request Authorization
Redirect the user to the following parameterized URL to authenticate the user and request authorization for your application to interact with the Loom AI API on the user's behalf.

| Parameter | Description |
| --- | --- |
| response_type | Set to code. |
| audience | Set to https://api.loomai.com/ (url-encoded). |
| client_id | Your application's Client ID. |
| redirect_uri | The URL to which the user will be redirected after authorization has been completed (url-encoded). The authorization code will be appended to the URL using the query parameter code. You must add this URL to the callback URLs when registering your client application. |
| scope | White-space separated list of scopes you are requesting authorization for. Please refer to Authorization Scopes for more details. |
| state | A random alphanumeric string your client application adds to the request. The value will be included when redirecting back to your application. This is used to prevent CSRF attacks. |

Request
Response
On success, you will receive an HTTP 302 response redirecting to your specified redirect_uri with a URL query string that contains the authorization result. Specifically, it contains the authorization code required to obtain an access token as well as your state parameter.
If authorization failed or has been denied by the user, the query string will contain an error parameter with further details instead.
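
The following is an added example, not taken from the Loom AI documentation, of how a client could build the step 1 redirect and then validate the callback, including the state check and the error case. The authorization endpoint is a placeholder because the page does not show it, and the function and exception names are hypothetical.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

# Placeholder (assumption): the page does not give the authorization endpoint URL.
AUTHORIZE_ENDPOINT = "https://auth.example.invalid/authorize"
AUDIENCE = "https://api.loomai.com/"


class AuthorizationError(Exception):
    """Raised when the callback must not be trusted or reports a failure."""


def build_authorization_url(client_id, redirect_uri, scopes):
    """Return (url, state); keep state in the user's server-side session."""
    state = secrets.token_hex(16)  # 128 bits from the OS CSPRNG, alphanumeric
    query = urlencode({
        "response_type": "code",
        "audience": AUDIENCE,
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": " ".join(scopes),  # white-space separated list
        "state": state,
    })
    return f"{AUTHORIZE_ENDPOINT}?{query}", state


def handle_callback(callback_url, expected_state):
    """Validate the redirect back to redirect_uri and return the code."""
    params = parse_qs(urlsplit(callback_url).query)
    returned_state = params.get("state", [""])[0]
    # Check state before anything else: a mismatch means this session did
    # not start the flow (CSRF), so neither code nor error is trustworthy.
    if not expected_state or not hmac.compare_digest(
        returned_state.encode(), expected_state.encode()
    ):
        raise AuthorizationError("state mismatch")
    if "error" in params:
        raise AuthorizationError(f"authorization failed: {params['error'][0]}")
    codes = params.get("code", [])
    if len(codes) != 1:
        raise AuthorizationError("expected exactly one code parameter")
    return codes[0]
```

The state value should be discarded from the session once a callback has been processed so that it cannot be reused.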
2. Exchange Authorization Code for API Access Token
The authorization code obtained in the previous step can now be exchanged for an access token to authorize requests of your application to the Loom AI API.
Request

| Parameter | Description |
| --- | --- |
| grant_type | Set to authorization_code. |
| audience | Set to https://api.loomai.com/. |
| code | The authorization code obtained in the previous step. |
| client_id | Your application's Client ID. |
| client_secret | Your application's Client Secret. |
| redirect_uri | Must match the redirect_uri used in the previous step. |

Response
If all parameters are valid, you will receive an HTTP 200 response with a JSON payload containing an access_token, which you can use to authorize your application's requests to the Loom AI API, a refresh_token if you included the scope offline_access in the previous step, as well as token_type and expiry. The access token will be valid for the number of seconds stated by expiry. Afterwards, your application will either need to re-request authorization or renew the access token if it received a refresh token.