Code flow - authorize
The user's browser should be directed to the following authentication URL. The user will see the Lime Trading login form and enter their credentials there.
curl -X GET \
'https://auth.lime.co/connect/authorize?response_type=code&client_id={{your_client_id}}&redirect_uri={{your_redirect_uri}}'
After successful authentication, the user is redirected to redirect_uri with HTTP status 302 and the authorization code:
302 Found
Location: {{your_redirect_uri}}?code={{code}}
Request
parameter | description |
---|---|
response_type | Required. This is the OAuth authorization flow to use. In this case this is code. |
client_id | Required. The client id issued to the service. |
redirect_uri | Required. The URL to redirect the user to after successful authentication. For security reasons, we do not allow just any URL; this URL must be registered first. |
Code flow - access token
The next step is to exchange the authorization code for an access token, which will be used to authenticate all API requests. The access token expires at 3:00 AM ET, and using it does not extend its lifetime.
curl -X POST \
--header 'Accept: application/json' \
--header 'Content-Type: application/x-www-form-urlencoded' \
-d 'grant_type=authorization_code&code={code}&client_id={client_id}&client_secret={your_client_secret}&redirect_uri={your_redirect_uri}' \
'https://auth.lime.co/connect/token'
Response example
{
"scope": "email profile",
"token_type": "Bearer",
"access_token": "MjAwOTg1OWUtZTUwMy00YzY4LWEyZWQtODU0N2NkZTJiNDdlfDIwMTcxMDA3MTkyNDQzfHRlc3R8U2VyZ2V5fE1pbmtvdg==",
"expires_in": 28800
}
Request
parameter | description |
---|---|
grant_type | Required. This is the OAuth authorization flow to use. authorization_code in this case. |
client_id | Required. The client id issued to the service. |
client_secret | Required. The client secret issued to the service. |
code | Required with authorization_code grant type. The authorization code received at the previous step. Please note that the authorization code lifetime is short (5 minutes), so be sure to exchange the code for a token immediately. |
redirect_uri | Required with authorization_code grant type. The same URL as in the previous authorization request. |
Response
name | type | description |
---|---|---|
access_token | string | The access token |
scope | string | The scopes this token grants access to |
token_type | string | Bearer means that the access token should be sent in the Authorization header of every web request. |
expires_in | number | The expiration lifetime in seconds |
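The client side of the authorize and access token steps above, as an added example that is not Lime Trading's own code. The function names and sample values are hypothetical, and the redirect-target check and the local 5-minute check on the code are choices made for this example.

```python
import json
import time
from urllib.parse import parse_qs, urlencode, urlsplit
from urllib.request import Request

AUTH_URL = "https://auth.lime.co/connect/authorize"
TOKEN_URL = "https://auth.lime.co/connect/token"
CODE_LIFETIME_S = 5 * 60  # authorization code lifetime stated on this page

def authorize_url(client_id, redirect_uri):
    """URL the user's browser is sent to; urlencode escapes redirect_uri."""
    q = {"response_type": "code", "client_id": client_id, "redirect_uri": redirect_uri}
    return AUTH_URL + "?" + urlencode(q)

def code_from_redirect(location, redirect_uri):
    """Take ?code= from the 302 Location, only if it targets the registered redirect_uri."""
    got, want = urlsplit(location), urlsplit(redirect_uri)
    if (got.scheme, got.netloc, got.path) != (want.scheme, want.netloc, want.path):
        raise ValueError("redirect target does not match the registered redirect_uri")
    codes = parse_qs(got.query).get("code", [])
    if len(codes) != 1:
        raise ValueError("expected exactly one code parameter")
    return codes[0]

def token_request(code, issued_at, client_id, client_secret, redirect_uri, now=None):
    """Build (not send) the token POST; the secret travels in the form body, not the URL."""
    now = time.time() if now is None else now
    if now - issued_at > CODE_LIFETIME_S:
        raise ValueError("authorization code expired; restart the authorize step")
    form = {"grant_type": "authorization_code", "code": code,
            "client_id": client_id, "client_secret": client_secret,
            "redirect_uri": redirect_uri}
    headers = {"Accept": "application/json",
               "Content-Type": "application/x-www-form-urlencoded"}
    return Request(TOKEN_URL, data=urlencode(form).encode(), method="POST", headers=headers)

def bearer_header(token_response_json):
    """Check the token response and return the header for subsequent API requests."""
    tok = json.loads(token_response_json)
    if tok.get("token_type") != "Bearer" or not tok.get("access_token"):
        raise ValueError("unexpected token response")
    return {"Authorization": "Bearer " + tok["access_token"]}

if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    ru = "https://app.example/callback"
    print(authorize_url("my-client", ru))
    code = code_from_redirect(ru + "?code=abc123", ru)
    print(token_request(code, time.time(), "my-client", "s3cret", ru).data.decode())
```

Pass the returned request to urllib.request.urlopen to perform the exchange, then feed the response body to bearer_header.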