The XWMS API uses OAuth 2.0 for secure authentication and authorization.
powered by xwms
Terug naar overzicht
Supportgroepen
Clients & API
OAuth, tokens, scopes, API-toegang en clientinstellingen.
OAuth is an authorization standard that lets applications access protected user data without sharing user passwords.
Your app redirects the user to XWMS for login and consent. After successful authentication, XWMS returns an authorization code to your application.
An authorization code is a short-lived code that your backend exchanges for an access token.
An access token is a temporary credential used to call protected API endpoints on behalf of a user or client.
A refresh token allows your application to request a new access token without forcing the user to log in again.
Token lifetime depends on your configured security policy and client setup.
Supported flows include common OAuth patterns such as Authorization Code flow. Always use the flow that matches your app type and security requirements.
Yes. Mobile apps can integrate OAuth securely, typically using PKCE-enabled authorization flows.
Yes. Web applications commonly implement Authorization Code flow on a secure backend.
Redirect URLs can be managed in each client's settings. Use exact callback URLs that your application actually handles.
Exact URI matching prevents open redirect abuse and ensures authorization responses are only sent to trusted endpoints.
Yes. You can register multiple redirect URIs for a client, for example for local, staging, and production environments.
The sign-token and sign-token-verify endpoints are configured as free. Other endpoints such as user info, user address, countries, or default paid API requests can be billed by usage.
Live support
Begin een gesprek
Je moet ingelogd zijn om een supportticket te starten.
InloggenWelkom terug. Start een ticket of laat je vraag achter.
