Generate an Access Token
Now that you have your client_id and client_secret, in order to generate an Access Token for a Public App you need to perform the following steps: redirect your users to the Authorization URL, retrieve the code, exchange it for an access token. Let's do this step by step.
Redirect users to the Authorization URL
The first step is to create an Authorization URL, where you need to redirect your users. The users will authorize your App from this page.
The Authorization URL has the following schema
https://lnk.bio/manage/access?response_type=code&client_id={client_id}&redirect_uri={urlencoded_redirect}&scope=basic&state={variable_state}
The parameters you need to change are:
{client_id}: the App Client Id you obtained when you created the app
{urlencoded_redirect}: one of your Redirect URIs
{variable_state}: a security variable that should change with each request and be verified from your backend to mitigate CSRF attacks
Retrieve the Code
Once the user is presented with the Authorization URL and they accept the connection with your App, they will be redirected to your Redirect URI, and among the GET parameters we will pass two variables: code and state
code: a unique, one-time code that you can exchange for an access token
state: the variable you previously passed to the Authorization URL. Your backend should verify it's the same.
For example, if your Redirect URI is https://yourdomain.com/integrations/lnk.bio
The code will be passed as follows
https://yourdomain.com/integrations/lnk.bio?code=35475d6ff85842ccbb8d218e2f5e54bbf6d51779&state=134545
And you can extract the code from your GET parameters. In this example code would be 35475d6ff85842ccbb8d218e2f5e54bbf6d51779
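One way to handle the state check on your backend, shown as an added example that is not part of the Lnk.Bio documentation. The function names and the session dictionary (a stand-in for your server-side session storage) are assumptions.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

AUTHORIZE_URL = "https://lnk.bio/manage/access"


def build_authorization_url(client_id, redirect_uri, session):
    """Generate a fresh state, bind it to the user's session, return the URL."""
    # session: hypothetical per-user, server-side store (dict-like).
    state = secrets.token_urlsafe(32)  # unpredictable, new on every request
    session["oauth_state"] = state
    query = urlencode({
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,  # urlencode() percent-encodes it
        "scope": "basic",
        "state": state,
    })
    return f"{AUTHORIZE_URL}?{query}"


def extract_code(callback_url, session):
    """Return the code only when the state matches the one stored for this session."""
    params = parse_qs(urlparse(callback_url).query)
    received = params.get("state", [""])[0]
    code = params.get("code", [""])[0]
    # pop() makes the stored state single-use, so a replayed callback fails.
    expected = session.pop("oauth_state", None)
    if not expected or not hmac.compare_digest(expected.encode(), received.encode()):
        raise ValueError("state mismatch: discard the code")
    if not code:
        raise ValueError("callback carries no code")
    return code
```

Call extract_code() in the handler for your Redirect URI before exchanging the code, and treat a ValueError as a rejected request.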
Exchange the Code for an Access Token
Now that you have your code, you can use it to request a new access_token from the /oauth/token endpoint.
Here's an example call with CURL
curl -u client_id:client_secret https://lnk.bio/oauth/token -d "grant_type=authorization_code&code={code}"
If your credentials are correct, you will receive a JSON response like the following
{"access_token":"ce7d13459ce5046ae78646d17a0550b809b7435e","expires_in":3600,"token_type":"Bearer","scope":"basic","refresh_token":"a9daea7ae107c7e734e502d6dd9a843282a2a3b9"}
Extract the access_token part and you can start authenticating your calls to the Lnk.Bio APIs by adding the access_token in the Authorization: Bearer header of your calls.
For example in CURL
curl -H 'Authorization: Bearer ce7d13459ce5046ae78646d17a0550b809b7435e' https://lnk.bio/oauth/v1/me