data.world supports the OAuth 2.0 protocol for authentication and authorization. If you are new to OAuth 2.0, the OAuth Bible is a good place to start and learn some of the theory.
Below is an example of what the user experience might look like in your product:
Application redirects user to
https://data.world/oauth/authorizefor authorization, providing the following parameters:
response_type = "code"
Example Authorization URL:
https://data.world/oauth/authorize? client_id=3MVG9lKcPoNINVB& redirect_uri=http://localhost/oauth/code_callback& response_type=code
User logs into data.world and grants application access.
data.world redirects user back to the
Application takes the
codeand exchanges it for an access token:
grant_type = "authorization_code"
Example Token Request:
POST https://data.world/oauth/access_token? code=zac4ZV2XbleQ2e& client_id=3MVG9lKcPoNINVB& client_secret=3iQF9BsWEr6nCf& grant_type=authorization_code
client_secretare valid data.world will respond with:
Alternatively, if a
data.worldwill invoke it passing the same list of attributes.
access_tokento use in subsequent requests by placing it into the request as an
Authorization: Bearer [access_token]header string.
This flow requires that your application runs on a web server, so that steps #3 and #4 can be performed while your
client_secret remains protected behind a server environment.
DO NOT include your
client_secret for your web app in source code that accessible to others. Use the native applications flow instead, if you cannot guarantee the confidentiality of your
Check out our reference implementation on GitHub.
This example, written in Node.js can be deployed to your Heroku account as-is with click of a button. Super easy!
Look for the Deploy to Heroku button at the bottom of the README.md.
Use the form below to request your OAuth keys. We’ll try to respond within one business day.
While you wait, you can start programming against our APIs using your personal API token which can be obtained at https://data.world/settings/advanced