EN
Sign In
Developers > Flight > Guides > Authentication

Overview

Our APIs use the OAuth 2.0 protocol for authentication and authorization.

All applications follow a basic pattern, please take the following steps:

  1. Obtain your client credentials from our product support team.

  2. Your client application requests an access token from our authorization server.

  3. Extracts a token from the response, and sends the token to the API that you want to access.

1. Acquiring appKey and appSecret

After we have reached a cooperation, you can get your appKey and appSecret from our product support team. At the same time, the API function of the corresponding resource will be enabled.

Keep your client secret private. If someone obtains your client secret, they could use it to consume your quota, and request access to user data.

2. Obtain an access token from our authorization server

Your should use appKey and appSecret to obtain an access token from our authorization server.

For how to obtain it, you can find it here.

3. Send the access token to an API

After an application obtains an access token, it sends the token to the API in an HTTP Authorization request header.

4. Refresh the access token, if necessary

Access tokens have limited lifetimes. If your application needs access to the API beyond the lifetime of a single access token, it can obtain a refresh token. A refresh token allows your application to obtain new access tokens.

your can find here to add or remove tokens.

A basic client demo

We build a java client demo on github to help you understand.