Apontador-API is a REST API that uses the OAuth 2.0 protocol for authentication and authorization. If this is your first time using OAuth, we strongly recommend the reading of the book "Getting Started with OAuth 2.0".

Authenticate as an application (Client Credentials Flow)

For the most part, Apontador's API only requires authenticate your application using your client_id and client_secret to get the application access_token. (don't have a client_id?). We only require users authentication in cases where your application is making requests on behalf of a user (see the next section "Authenticate as an user").

1. POST your credentials and receive an access_token
curl -X POST -d "client_id=YOUR-CLIENT-ID&client_secret=YOUR-SECRET&grant_type=client_credentials" https://api.apontador.com.br/v2/oauth/token
2. use the access token to GET the protected resource
curl -X GET -H "Accept: application/json" -H "Authorization: Bearer YOUR_ACCESS_TOKEN" https://api.apontador.com.br/v2/places/?q=pizza

Authenticate as an user (Authorization-Code Flow)

Follow this flow when your application needs to write data on behalf of an Apontador user (upload photos, write a review, etc). If your application is just reading data, you don't need to use this flow, see "Authenticate as an application" section.

1. in your browser type:
2. copy the authorization code from redirect uri. Ex:
3. in your command-line terminal, exchange the authorization code to an access token
curl https://api.apontador.com.br/v2/oauth/token -d "code=AUTH-CODE-HERE&client_id=YOUR-CLIENT-ID&client_secret=YOUR-APP-SECRET&redirect_uri=http://YOUR-HOST/&grant_type=authorization_code"
4. use the access token to POST data on behalf of an Apontador user (ex: place checkin)
curl -v -X POST -H "Accept: application/json" -H "Authorization: Bearer YOUR_ACCESS_TOKEN" https://api.apontador.com.br/v2/places/PLACE-ID-HERE/checkins