# NFT OAuth 2.0 API Documentation

### OAuth 2.0 information
- host: `nut-nft.com`
- client_id: `c6ff8fe7-1973-4296-bcbc-967a58f939d7`
- client_secret: `{og<_NyI,h:!]3#=;)?q`

## Step 1: Request a user's identity
```
GET https://nut-nft.com/oauth/authorize
```
| parameter | type | description |
| -------- | -------- | -------- |
| client_id | string | Required. The client ID. |
| redirect_uri | string | Required. The URL in your application where users will be sent after authorization. |
| state | string | An unguessable random string. It is used to protect against cross-site request forgery attacks. |
### Redirect to OAuthServer
The user connects a web3 wallet and signs a message. If the OAuth server validates the user's ownership, it redirects to `redirect_uri` with the `code` (authorization code) parameter.

Example:
```javascript
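// Equivalent of the redirect the OAuth server performs after a successful signature check.
// %redirect_uri% stands for the redirect_uri value sent in Step 1.
window.location.href = "https://%redirect_uri%?client_id=EXAMPLE_ID&state=EXAMPLE_STATE&code=EXAMPLE_CODE";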
```
## Step 3: Exchange authorization code for an access token
```
POST https://nut-nft.com/oauth/access_token
```
### Parameter
| parameter | type | description |
| -------- | -------- | -------- |
| client_id | string | Required. The client ID. |
| client_secret | string | Required. The client API KEY. |
| code | string | Required. The code you received as a response to Step 2. |
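
The client side of Steps 1 to 3, as an added example that is not part of the original documentation or the OAuth server's code: it generates the `state` value, rejects a callback whose `state` does not match the one stored in the session, and assembles the Step 3 parameters on the backend. The function names, the session handling and the `OAUTH_CLIENT_SECRET` environment variable are assumptions; the page does not specify how the POST parameters are encoded, so the example returns them as a plain object.

```javascript
// Added example: client-side handling of Steps 1-3 (not code from nut-nft.com).
const crypto = require("crypto");

const AUTHORIZE_URL = "https://nut-nft.com/oauth/authorize";

// Step 1: create an unguessable state and the URL to send the user to.
// The caller must store `state` in the user's server-side session.
function buildAuthorizeRequest(clientId, redirectUri) {
  const state = crypto.randomBytes(32).toString("hex"); // 256 bits from the CSPRNG
  const url = new URL(AUTHORIZE_URL);
  url.searchParams.set("client_id", clientId);
  url.searchParams.set("redirect_uri", redirectUri);
  url.searchParams.set("state", state);
  return { state, url: url.toString() };
}

// Constant-time comparison; hashing first gives timingSafeEqual equal-length inputs.
function safeEqual(a, b) {
  const ha = crypto.createHash("sha256").update(String(a)).digest();
  const hb = crypto.createHash("sha256").update(String(b)).digest();
  return crypto.timingSafeEqual(ha, hb);
}

// Redirect step: accept the callback only if `state` matches the session value.
// Returns the authorization code, or throws so the login attempt is abandoned.
function extractCode(callbackUrl, sessionState) {
  const params = new URL(callbackUrl).searchParams;
  const state = params.get("state");
  const code = params.get("code");
  if (!sessionState || !state || !safeEqual(state, sessionState)) {
    throw new Error("state mismatch: possible CSRF, discard this callback");
  }
  if (!code) throw new Error("callback carries no authorization code");
  return code;
}

// Step 3: parameters for POST /oauth/access_token, sent from the backend only.
// Assumption: the secret is supplied via an environment variable, not source code.
function tokenParams(clientId, code, env = process.env) {
  const secret = env.OAUTH_CLIENT_SECRET; // hypothetical variable name
  if (!secret) throw new Error("OAUTH_CLIENT_SECRET is not set");
  return { client_id: clientId, client_secret: secret, code };
}
```

Delete the stored `state` from the session once `extractCode` has run, whether it succeeded or threw, so a captured callback URL cannot be replayed.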
### Response
The response from the `/access_token` API contains the following parameters. The application can determine which user is logged in from the `username` value.
```json
Accept: application/json
{
  "username": "nut_agent_0001",
  "access_token": "EXAMPLE_ACCESS_TOKEN",
  "token_type": "bearer"
}
```
## Step 4: Use the access token to access the API (Optional)
```
curl -H "Authorization: Bearer EXAMPLE_ACCESS_TOKEN" https://nut-nft.com/oauth/user
```
### Response
```json
Accept: application/json
{
  "username": "nut_agent_0001",
  "eth_address": "0x000000000000000000000000000",
  "own_nut_nft_list": [1, 3, 4],
  "expired_time": 1662303694550
}
```