Authorization
Before your application can access a user’s private data, launch, or schedule a meeting on a join.me user’s behalf, you must obtain an access token via OAuth 2.0. The join.me API currently supports the OAuth 2.0 Implicit Grant and Authorization Code Grant flows.
Overview
Authorizing join.me API calls involves 3 steps:
-
Obtain an API key for your application.
Tip: Haven't set up an API key yet? Learn more about registering your application with join.me. - Obtain an access token via OAuth 2.0 to gain access to a set of resources on behalf of a join.me user. You have 2 options:
- When you make an API call, include the access_token in the HTTP Authorization header.
If you're not familiar with implementing OAuth 2.0, we recommend you check out hello.js. It even includes a plug-and-play join.me OAuth module!
Making an API call
All API calls must include the following HTTP header:
Authorization: Bearer {access_token}
Tip: Visit the Builder to explore and test different API calls. In order to use the Builder with your API key you must temporarily set your application’s Callback URL to: https://developer.join.me/io-docs/oauth2callback. See FAQ for more information.
A token can only grant access defined by the scope of the token request. For example, a token issued with the user_info scope will provide access to the user’s information, but cannot be used to schedule a meeting for that user.
Expire Access
When developing an application using OAuth 2.0 for authentication, testing the scenario in which your access token expires can be difficult. To alleviate the difficulty in waiting for this scenario to occur, we offer an endpoint to explicitly expire your access_tokens. Upon a successful expiration call, follow the refresh token flow to refresh your access.
When using this endpoint, it can take up to 10 minutes for the access_token revocation to propagate through our system.
Note: The refresh process is only applicable for access tokens obtained through the authorization code grant flow. Expired access token obtained through the implicit grant cannot be refreshed. Once expiring an implicit grant access token, you will need to send the user into the initial OAuth 2.0 workflow again.
URL
https://secure.join.me/api/public/v1/auth/expireaccess
Method
POST
{
access_token = {access_token},
client_id = {client_id},
client_secret = {client_secret}
}
Example Success Response
{
success = true,
message = "Access Token Expired"
}
Example Error Response
{
success = false,
message = "Expire Access Failed"
}