Open Authorization, usually referred to as OAuth, is a standard protocol that allows secure authorization without sharing password credentials.
Instead of sharing a username and password, OAuth uses tokens that provide specific, limited permissions. A common example is when you're given the option to sign in with Google or Apple.
In your Proof account, we offer OAuth as an alternative to API keys. Read the OAuth dev docs here.
Who this is for
Any user in your organization with an owner or admin role and notaries sourcing transactions (NSTs) can perform the actions described below.
This is a paid feature and must be enabled by Proof. If you're interested in this feature, contact your Customer Success Manager (CSM) or contact our sales team.
How it works
To utilize OAuth in your account, you need to create a client application. You can create an unlimited number of client applications.
Each client application:
- Has one unique App ID.
- Can have multiple random App secrets.
- Has a scope equivalent to a full-access API key.
App secrets:
- Are displayed to the user only once.
- Must be copied.
- Display the date and time of creation.
- Can be deleted unless it is the only one associated with the client application.
OAuth tokens expire every 2 hours.
Create an OAuth client application
- Click Settings from the menu on the left.
- Click OAuth from the Settings page menu.
- Type the name of the client application.
- Click Create client application.
- Click Copy to clipboard to copy the secret.
- Be sure to copy the secret — it will no longer be visible once you navigate away from this page.
- Be sure to copy the secret — it will no longer be visible once you navigate away from this page.