Authentication

Register

With the registration of your application from the application registration page, you can issue a client_secret and client_id. Please develop your application to include them. Also, you can create an access_token from the developer page for testing.

In addition, to use the API you will need one of the following:

  • Authentication by client_id
  • Authentication with OAuth

It is convenient to authenticate by client_id in applications because it does not require a user login. The other way is with Oauth.

client_id

When using an API request that requires client_id, please add the following parameters.

client_id=LKjneiuajvdafasdsadfsadfasdhfa...

Because the client_id function does not touch the data of users, you can safely use this in public code.

OAuth

This API complies with OAuth2.0. After you register your application on the developer page, you will get a client_secret and client_id. Please handle the client_secret with good security practices so that it will not be available to third parties. After authenticating the user in accordance with the procedure described below access_token will be issued for the user.

When using an API OAuth authentication is required, either the access_token should be applied as a parameter,

access_token=slakjfdijawnfjhf9w8ufwaejwa...

Or,
Please grant the request header as described below.

Authorization: Bearer slakjfdijawnfjhf9w8ufwaejwa..

Flow of User Authentication

Authorize application

Use the following URL to request access to user information.

GET       /oauth/authorize
parameter
NameTypeRemarks
client_idstring
redirect_uristring
response_typestringmust be 'code'

When users log in on this page, the application will be granted access to that users Gyazo information.

When authentication is completed the user will be redirected to the redirect_uri that you specify as a parameter. When this happens, the server will return the code. By using this code, you can get the user's access_token.

http://example.com/callback?code=asdklfajsdksajen...

Get access_token

POST       /oauth/token
parameter
NameTypeRemarks
client_idstring
client_secretstring
redirect_uristring
codestring
grant_typestringmust be 'authorization_code'

Access_token must be included in the response when you want to use the API to save.

HTTP/1.1 200 OK
Date: Fri, 12 Oct 2012 23:33:14 GMT
Content-Type: application/json; charset=utf-8
Status: 200 OK

{
  "access_token" : "fkjasdlfjoiwjefjwanlekfjhwalkfhal",
  "token_type" : "bearer",
  "scope" : "public"
}

expiration date of access_token

The expiration date of the access_token is not set. As long as you are a valid user the token will not stop working until you delete the application.