Code flow - authorize
Direct the user's browser to the following authentication URL. The user will see the Lime Trading login form and enter their credentials there.
```
curl -X GET \
  'https://auth.lime.co/connect/authorize?response_type=code&client_id={{your_client_id}}&redirect_uri={{your_redirect_uri}}'
```
After successful authentication, the user is redirected to redirect_uri with HTTP code 302 and the authorization code:
```
302 Found
Location: {{your_redirect_uri}}?code={{code}}
```
Request
| parameter | description |
|---|---|
| response_type | Required. The OAuth authorization flow to use. In this case it is code. |
| client_id | Required. The client ID issued to the service. |
| redirect_uri | Required. The URL to redirect the user to after successful authentication. For security reasons, arbitrary URLs are not allowed: this URL must be registered first. |
Code flow - access token
The next step is to exchange the authorization code for an access token, which is used to authenticate all API requests. The access token is valid for 24 hours and is automatically extended to 24 hours with each API call.
```
curl -X POST \
  --header 'Accept: application/json' \
  --header 'Content-Type: application/x-www-form-urlencoded' \
  -d 'grant_type=authorization_code&code={code}&client_id={client_id}&client_secret={your_client_secret}&redirect_uri={your_redirect_uri}' \
  'https://auth.lime.co/connect/token'
```
Response example
```
{
  "scope": "email profile",
  "token_type": "Bearer",
  "access_token": "MjAwOTg1OWUtZTUwMy00YzY4LWEyZWQtODU0N2NkZTJiNDdlfDIwMTcxMDA3MTkyNDQzfHRlc3R8U2VyZ2V5fE1pbmtvdg==",
  "expires_in": 28800
}
```
Request
| parameter | description |
|---|---|
| grant_type | Required. The OAuth authorization flow to use. In this case it is authorization_code. |
| client_id | Required. The client ID issued to the service. |
| client_secret | Required. The client secret issued to the service. |
| code | Required with the authorization_code grant type. The authorization code received in the previous step. The authorization code lifetime is short (5 minutes), so exchange the code for a token immediately. |
| redirect_uri | Required with the authorization_code grant type. The same URL that was used in the previous authorization request. |
Response
| name | type | description |
|---|---|---|
| access_token | string | The access token. |
| scope | string | The scopes this token grants access to. |
| token_type | string | Bearer means that the access token must be sent in the Authorization header of every web request. |
| expires_in | number | The expiration lifetime in seconds. |
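
The two steps above, sketched as client-side helpers. This is an added example, not Lime Trading's own code: the client ID, secret, callback URL and sample response are constructed values, and the callback-matching and code-age checks are defensive assumptions layered on the documented parameters. The token request is built but not sent, so the block runs offline.

```python
import json
import time
import urllib.request
from urllib.parse import parse_qs, urlencode, urlsplit

AUTH_BASE = "https://auth.lime.co/connect"
CODE_LIFETIME = 5 * 60  # seconds; authorization code lifetime stated on the page

def build_authorize_url(client_id, redirect_uri):
    """URL the user's browser is sent to for login."""
    query = urlencode({"response_type": "code", "client_id": client_id,
                       "redirect_uri": redirect_uri})
    return f"{AUTH_BASE}/authorize?{query}"

def extract_code(callback_url, redirect_uri):
    """Return the code from the 302 target; reject callbacks for any other URL."""
    got, want = urlsplit(callback_url), urlsplit(redirect_uri)
    if (got.scheme, got.netloc, got.path) != (want.scheme, want.netloc, want.path):
        raise ValueError("callback does not match the registered redirect_uri")
    codes = parse_qs(got.query).get("code", [])
    if len(codes) != 1:
        raise ValueError("expected exactly one code parameter")
    return codes[0]

def build_token_request(code, issued_at, client_id, client_secret, redirect_uri, now=None):
    """Build (not send) the POST to /connect/token; the secret stays in the body."""
    now = time.time() if now is None else now
    if now - issued_at > CODE_LIFETIME:
        raise ValueError("authorization code is older than 5 minutes")
    body = urlencode({"grant_type": "authorization_code", "code": code,
                      "client_id": client_id, "client_secret": client_secret,
                      "redirect_uri": redirect_uri}).encode()
    return urllib.request.Request(
        f"{AUTH_BASE}/token", data=body, method="POST",
        headers={"Accept": "application/json",
                 "Content-Type": "application/x-www-form-urlencoded"})

def parse_token_response(raw, now=None):
    """Validate the JSON token response; return (Authorization header, expiry time)."""
    now = time.time() if now is None else now
    doc = json.loads(raw)
    if doc.get("token_type") != "Bearer" or not doc.get("access_token"):
        raise ValueError("unexpected token response")
    return {"Authorization": f"Bearer {doc['access_token']}"}, now + int(doc["expires_in"])

# Constructed sample values (not real credentials or a real callback).
SAMPLE_REDIRECT = "https://app.example.com/callback"
SAMPLE_CALLBACK = SAMPLE_REDIRECT + "?code=constructed-code-123"
SAMPLE_RESPONSE = '{"scope": "email profile", "token_type": "Bearer", "access_token": "constructed-token", "expires_in": 28800}'
```

Pass the returned request to `urllib.request.urlopen` to perform the exchange, and keep the client secret on the server side only.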