OAuth 2.0 Integration Guide
Overview
Integrate OAuth 2.0 to securely access services through third-party servers.
Configuration
POST {BaseURL}/api/v1/configure/configure-redirect-url
Content-Type: application/json
Authorization: Basic {encodedClientId:clientSecret}
{
"white_list_redirect_urls": [
"http://domain_webhook"
]
}
Step 1: Generate Connect Link
Construct the URL to initiate the OAuth flow:
{BaseURL}/connect?client_id={client_id}&redirect_url={redirect_url}&state={state}Parameters
| Parameter | Description | Required |
|---|---|---|
BaseURL | The base URL of the API | Yes |
client_id | The client's unique identifier | Yes |
redirect_url | URL to redirect after authentication | Yes |
status | A unique state to maintain state between redirects | No |
Step 2: Redirect Handling
Upon successful authentication, users are redirected with an authToken:
redirect_url?authToken={authToken}Step 3: Token Request
Exchange the authToken for access and refresh tokens:
POST {BaseURL}/api/v1/auth/connect
Content-Type: application/json
Authorization: Basic {encodedClientId:clientSecret}
{
"auth_token": "{authToken}"
}Headers
- Content-Type:
application/json - Authorization: Basic Auth
clientId:clientSecret- The
clientIdandclientSecretshould be base64 encoded.
- The
Request Parameters
| Parameter | Description | Required |
|---|---|---|
auth_token | Temporary token from Step 2 | Yes |
Successful Response
{
"access_token": "your_access_token_here",
"refresh_token": "your_refresh_token_here",
"business_info": {
"moc_id": "1234567890",
"company_name_en": "CH168 Co., Ltd",
"company_name_kh": "ក្រុមហ៊ុនស៊ីអេច១៦៨",
"tin": "1234567890",
...
}
}Response Parameters
| Field | Description |
|---|---|
access_token | Token to access the API securely |
refresh_token | Token to renew the access_token |
business_info | Object containing business details |
Business Information Parameters
| Field | Description |
|---|---|
moc_id | Ministry of Commerce ID, a unique identifier for the company |
company_name_en | The official name of the company in English |
company_name_kh | The official name of the company in Khmer |
tin | Tax Identification Number, unique tax number for the company |
date_of_incorporation | The date on which the company was officially registered |
business_type | Type of business the company is involved in |
city | The city where the company is located |
country | The country code for Cambodia (KH) |
phone_number | The primary contact number for the company |
email | The email address for business correspondence |
Step 4: Make API Calls
To make API calls, replace ACCESS-TOKEN with your access token in the authorization header: -H Authorization: Bearer ACCESS-TOKEN. When your access token expires, request a new one by calling /api/v1/token with your refresh token.
💡
This guide assumes that you have already set up your client_id and know your redirect URL.