Detailed Access Token mechanism

When you look at the open APIs of many large companies, you will find that the API requires an access token parameter. What is this parameter, and how do you obtain it?

The access token comes from the OAuth 2.0 protocol: when a client accesses a resource on the server it must carry a token (in practice a globally unique random string). This token stands for an authorization granted by the user. What information does the token represent? The answer is:

 
  Which app, which user, is authorized to do what, and at what time


Of course, this information cannot be read directly out of the access token itself. It is held in the open platform's own database, and the platform uses the access token as a key to look up that record and then verify that the caller has permission to make the call.

Readers who are not familiar with OAuth 2.0 should first see this article: a brief introduction to the principles of OAuth 2.0

 
So, before calling the API, we need to obtain an access token. This takes three steps:

The first step is to implement an API of your own:

    GET /recieve_code?code=

This API receives a code parameter. What to do with the code once it arrives is described in the third step. In this step you only need to provide the API's URL and make sure it is reachable from the public internet; the logic behind it can be filled in later.

 

The second step: when your app needs to call the platform's API, open the authorization interface that the open platform provides inside your app (the platform's SDK usually exposes this step), and pass the URL from the first step to that interface.

The open platform's authorization interface looks roughly like this:

If the user agrees, they enter their account and password to authorize your app. After authorization, the platform automatically calls the URL provided in the first step and passes a code to it.

 

The third step is to exchange the code for an access token.

The platform must provide an API that takes the code as a parameter and returns an access token together with a refresh token. Call this platform API from the API you implemented in the first step, and store the returned access token and refresh token on your server. At this point you have a usable access token.

 

It does not end here, however. Do you have to obtain a new access token every time you call an open platform API? The answer is no. The access token acquired in the third step is valid for a certain period, and it can be reused until it expires. So what do you do once the access token expires?

First of all, how do we know that the access token has expired? When you use the access token to call the open platform's API, the API reports an error and returns a "token invalid" response if the token has expired. At this point you should use the refresh token to refresh the access token. The specific approach is to look in your platform's documentation for the API that refreshes the access token; that API always requires the refresh token as a parameter. Call it as the documentation describes.
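The three steps and the refresh-on-expiry behaviour, as an added example that is not part of the original post. The platform is a constructed in-memory stand-in (no real provider or SDK), the user name is made up, and the clock is advanced manually so expiry can be exercised without waiting.

```python
import secrets

class MockPlatform:
    """Constructed stand-in for the open platform: issues codes and tokens."""
    def __init__(self, ttl):
        self.ttl, self.now = ttl, 0          # manual clock so expiry is testable
        self.codes, self.tokens, self.refreshes = {}, {}, {}

    def authorize(self, user):               # step 2: user consents, code goes to the callback
        code = secrets.token_urlsafe(16)
        self.codes[code] = user
        return code

    def _issue(self, user):
        at, rt = secrets.token_urlsafe(24), secrets.token_urlsafe(24)
        self.tokens[at] = (user, self.now + self.ttl)   # platform-side record: who, until when
        self.refreshes[rt] = user
        return {"access_token": at, "refresh_token": rt, "expires_in": self.ttl}

    def exchange_code(self, code):           # step 3: the code is single-use
        return self._issue(self.codes.pop(code))

    def refresh(self, refresh_token):        # refresh endpoint; the old refresh token is retired
        return self._issue(self.refreshes.pop(refresh_token))

    def call_api(self, access_token):        # the protected open api
        entry = self.tokens.get(access_token)
        if entry is None or entry[1] <= self.now:
            return {"error": "invalid_token"}
        return {"user": entry[0]}

class Client:
    """Your app: keeps both tokens server-side and refreshes on invalid_token."""
    def __init__(self, platform):
        self.p, self.access_token, self.refresh_token, self.refresh_count = platform, None, None, 0

    def _store(self, t):
        self.access_token, self.refresh_token = t["access_token"], t["refresh_token"]

    def receive_code(self, code):            # step 1 callback: GET /recieve_code?code=...
        self._store(self.p.exchange_code(code))

    def call(self):
        resp = self.p.call_api(self.access_token)
        if resp.get("error") == "invalid_token":   # expired: refresh once, then retry
            self._store(self.p.refresh(self.refresh_token))
            self.refresh_count += 1
            resp = self.p.call_api(self.access_token)
        return resp
```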

Origin www.cnblogs.com/blowing00/p/12452446.html