mirror of https://github.com/mastodon/documentation synced 2025-04-11 22:56:17 +02:00
documentation/content/en/api/oauth-tokens.md
Emelia Smith cb3aa4de10
Document new OAuth changes for 4.3.0 (#1445)
* Improve deprecation messaging for Application#vapid_key

* Format JSON examples in Instance methods

* Remove vapid_key from Apps API examples, since this property is deprecated on Application entity

* Add documentation for new OAuth 2.0 features added in 4.3.0

* Improve documentation for oauth-scopes

* Update content/en/api/oauth-scopes.md

Co-authored-by: Matt Jankowski <matt@jankowski.online>

* Update content/en/api/oauth-scopes.md

Co-authored-by: Matt Jankowski <matt@jankowski.online>

* Update content/en/api/oauth-scopes.md

Co-authored-by: Matt Jankowski <matt@jankowski.online>

* Update content/en/api/oauth-scopes.md

Co-authored-by: Matt Jankowski <matt@jankowski.online>

* Add deprecated and removed shortcode labels

* Use deprecated and removed shortcodes

* Improve OAuth documentation

* More OAuth documentation improvements

* Correct streaming API documentation after 4.2.0 changes

* Add note about improved Push Subscription API validation in 4.3.0

* Fix inconsistent OAuth label formatting

* Add note that there is a relationship between Accounts and the Application used to create them

* Add note that application registration endpoint also supports JSON bodies

* Be consistent in the formatting of placeholder values for Bearer tokens

* code review changes

* Slight changes in wording

* Add documentation for PKCE

* Removal of crypto oauth scope

* Cross-link authorization's scope with the OAuth Scopes documentation

* Update content/en/methods/oauth.md

* Update content/en/api/oauth-scopes.md

---------

Co-authored-by: Matt Jankowski <matt@jankowski.online>
Co-authored-by: David Roetzel <david@roetzel.de>
2024-10-10 14:44:19 +02:00

---
title: OAuth Tokens
description: Defining what token types are used throughout this documentation
menu:
  docs:
    weight: 15
    parent: api
---
## OAuth Tokens
Mastodon supports two different types of OAuth Tokens: App tokens and User tokens. Throughout this documentation you will see these token types referenced in the `OAuth` field for API endpoints.
The `OAuth` field also references Public, in which case no OAuth access token needs to be supplied to access the API endpoint.
### App tokens
In order to receive an App token, you must perform a [client credentials grant flow]({{<relref "client/token#flow" >}}), which gives you a token that can be used to interact with the API on behalf of the OAuth Application. Currently, the only API endpoints that accept this token type are:
- [`GET /api/v1/apps/verify_credentials`]({{<relref "methods/apps#verify_credentials" >}})
- [`POST /api/v1/accounts`]({{<relref "/methods/accounts#create" >}})
### User tokens
In order to create a User token, you must perform an [authorization code grant flow]({{<relref "client/authorized#flow">}}), which gives you an access token that is associated with the user who approves the access grant request.
Many Mastodon APIs require User tokens and specific scopes to access them.
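
The following is an added example, not part of the Mastodon documentation or code base. It builds the client credentials grant request that yields an App token and a client-side guard that only attaches an App token to the two endpoints listed above. The `/oauth/token` path and its form fields come from Mastodon's OAuth token endpoint rather than this page; the helper names, `mastodon.example` and the credential values are hypothetical.

```python
from urllib.parse import urlencode, urlsplit
from urllib.request import Request

# The only endpoints this page lists as accepting an App token.
APP_TOKEN_ENDPOINTS = {
    ("GET", "/api/v1/apps/verify_credentials"),
    ("POST", "/api/v1/accounts"),
}


def https_base(instance):
    """Return the instance origin, refusing anything that is not https."""
    parts = urlsplit(instance)
    if parts.scheme != "https" or not parts.netloc:
        raise ValueError("instance must be an https:// URL")
    return "https://" + parts.netloc


def app_token_request(instance, client_id, client_secret, redirect_uri, scope="read"):
    """Build the client credentials grant request that yields an App token."""
    form = urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,  # sent in the POST body, never in the URL
        "redirect_uri": redirect_uri,
        "scope": scope,
    }).encode()
    return Request(https_base(instance) + "/oauth/token", data=form, method="POST")


def api_request(instance, method, path, token, token_type):
    """Build a bearer-authenticated API request; token_type is 'app' or 'user'."""
    if token_type not in ("app", "user"):
        raise ValueError("token_type must be 'app' or 'user'")
    if token_type == "app" and (method.upper(), path) not in APP_TOKEN_ENDPOINTS:
        # Fail locally instead of sending the token to an endpoint that will not accept it.
        raise PermissionError(f"{method} {path} does not accept an App token")
    req = Request(https_base(instance) + path, method=method.upper())
    req.add_header("Authorization", "Bearer " + token)
    return req


if __name__ == "__main__":
    # Constructed sample values; mastodon.example is a placeholder instance.
    req = app_token_request("https://mastodon.example", "CLIENT_ID",
                            "CLIENT_SECRET", "urn:ietf:wg:oauth:2.0:oob")
    print(req.get_method(), req.full_url)
    print(req.data.decode())
```

Nothing is sent over the network here; pass the returned `Request` to `urllib.request.urlopen` to perform the call against a real instance.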