Authentication
Pike13 apps use the standard OAuth 2 "authorization code" flow. Your application contains a Log In link that sends users to Pike13. The URL will look something like this:
https://pike13.com/oauth/authorize?client_id=XXXXXXXXXXXX&response_type=code&redirect_uri=https://myapp.com/callback
After authenticating with Pike13 and granting access to your application, the user is redirected back to your site with an authorization code parameter in the URL:
https://myapp.com/callback?code=AUTH_CODE
Your server exchanges the authorization code for an access token. Values are passed as form parameters in the POST body, and the redirect_uri must be the same value that was used in the authorization request. This request is made server-to-server because it carries your client_secret, which must never be sent from the browser. Please note that
POST https://pike13.com/oauth/token
Content-Type: application/x-www-form-urlencoded

grant_type=authorization_code&
code=AUTH_CODE&
redirect_uri=REDIRECT_URL&
client_id=CLIENT_ID&
client_secret=SECRET
You will receive the access token as JSON in the response (or an error):
{"access_token":"abc123"}
Supplying an access token in API requests
An access token is required on every API request. Supply it in the HTTP Authorization header:
Authorization: Bearer MYTOKEN
or, less safely, as a URL query parameter (query strings are recorded in server, proxy and browser logs, so prefer the header):
https://mybiz.pike13.com/api/v2/desk/people/:id.json?access_token=MYTOKEN
Currently, Pike13 access tokens don't expire, so your app does not need to refresh them. Access tokens can, however, be revoked. If a token is revoked for any reason, API requests made with it will fail and your app should send the user through the login flow again to obtain a new token.
Specifying a host for OAuth requests
Include the subdomain of a business in the authorization URL if your application is tied to that one business and does not need access to a user's profiles in other businesses, or if you want users of your application to see a login screen branded to that business:
https://mybiz.pike13.com/oauth/authorize
If your application requires access to a user's complete Pike13 account across all businesses, exclude the subdomain. This will result in the users seeing a Pike13-branded login screen (that isn't business-specific).
https://pike13.com/oauth/authorize
If an access token is created on a business subdomain, all subsequent API requests must be against that subdomain.
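The whole flow described above (building the Log In URL, handling the callback, exchanging the code for a token, calling the API with a Bearer header, and choosing the host by business subdomain) as one added example. This is illustrative code written for this page, not Pike13's own SDK: the endpoint paths and parameter names are taken from the page, while the `state` parameter (standard OAuth 2 CSRF protection from RFC 6749 section 10.12), the `Pike13Client` class, the `TokenRevoked` exception and the fake HTTP transport are assumptions made so the example runs offline. It goes slightly beyond the page by rejecting a callback whose `state` does not match the one issued for the session, and by treating an HTTP 401 on an API call as the revoked-token case the page says your app must handle.

```python
"""Added example: minimal Pike13 OAuth 2 authorization-code client.
Illustrative code for this page, not Pike13's SDK. The `state`
parameter, the class/exception names and the fake transport are
assumptions; endpoint paths and parameter names come from the page."""
import json
import secrets
from urllib.parse import parse_qs, urlencode, urlparse
from urllib.request import Request, urlopen


class TokenRevoked(Exception):
    """Raised when the API rejects the access token (HTTP 401)."""


class Pike13Client:
    def __init__(self, client_id, client_secret, redirect_uri, business=None, http=None):
        # `business` is the optional business subdomain, e.g. "mybiz". With it,
        # the login screen and every later API call use <business>.pike13.com;
        # without it, pike13.com (Pike13-branded, all businesses) is used.
        host = f"{business}.pike13.com" if business else "pike13.com"
        self.base = f"https://{host}"
        self.client_id = client_id
        self.client_secret = client_secret
        self.redirect_uri = redirect_uri
        self.http = http or self._urllib_http  # injectable transport for testing

    @staticmethod
    def _urllib_http(method, url, headers=None, body=None):
        req = Request(url, data=body, headers=headers or {}, method=method)
        with urlopen(req) as resp:
            return resp.status, resp.read().decode()

    def authorize_url(self, state):
        """Step 1: the Log In URL. `state` is a per-session random value kept
        server-side so the callback can be tied back to that session."""
        params = {"client_id": self.client_id, "response_type": "code",
                  "redirect_uri": self.redirect_uri, "state": state}
        return f"{self.base}/oauth/authorize?{urlencode(params)}"

    def code_from_callback(self, callback_url, expected_state):
        """Step 2: extract the code from the redirect, refusing a bad state."""
        q = parse_qs(urlparse(callback_url).query)
        if q.get("state", [None])[0] != expected_state:
            raise ValueError("state mismatch: possible CSRF or stale login")
        if "error" in q:
            raise ValueError(f"authorization failed: {q['error'][0]}")
        return q["code"][0]

    def exchange_code(self, code):
        """Step 3: server-side POST of form parameters for an access token.
        The client_secret is only ever sent from here, never from a browser."""
        body = urlencode({"grant_type": "authorization_code", "code": code,
                          "redirect_uri": self.redirect_uri,
                          "client_id": self.client_id,
                          "client_secret": self.client_secret}).encode()
        status, text = self.http("POST", f"{self.base}/oauth/token",
                                 {"Content-Type": "application/x-www-form-urlencoded"}, body)
        data = json.loads(text)
        if status != 200 or "access_token" not in data:
            raise RuntimeError(f"token exchange failed: {data}")
        return data["access_token"]

    def api_get(self, path, token):
        """Call the API with the token in the Authorization header (never the
        query string, which ends up in logs). A 401 means the non-expiring
        token was revoked, so the caller must re-run the login flow."""
        status, text = self.http("GET", f"{self.base}{path}",
                                 {"Authorization": f"Bearer {token}"}, None)
        if status == 401:
            raise TokenRevoked("access token rejected; re-authenticate the user")
        return json.loads(text)


def new_state():
    return secrets.token_urlsafe(16)


# Constructed fake Pike13 server so the example runs offline (assumption).
FAKE_CODE, FAKE_TOKEN = "AUTH_CODE", "abc123"


def fake_http(method, url, headers=None, body=None):
    u = urlparse(url)
    if method == "POST" and u.path == "/oauth/token":
        form = parse_qs(body.decode())
        ok = form.get("code") == [FAKE_CODE] and form.get("client_secret") == ["SECRET"]
        return (200, json.dumps({"access_token": FAKE_TOKEN})) if ok \
            else (401, json.dumps({"error": "invalid_grant"}))
    token = (headers or {}).get("Authorization", "").removeprefix("Bearer ")
    if token != FAKE_TOKEN:
        return 401, json.dumps({"error": "unauthorized"})
    return 200, json.dumps({"person": {"id": 1}})


def demo(business="mybiz"):
    """Run the full flow against the fake server; returns (login_url, token, person)."""
    client = Pike13Client("XXXXXXXXXXXX", "SECRET", "https://myapp.com/callback",
                          business=business, http=fake_http)
    state = new_state()
    login_url = client.authorize_url(state)
    # Constructed redirect, as Pike13 would issue it after the user grants access.
    callback = f"https://myapp.com/callback?code={FAKE_CODE}&state={state}"
    token = client.exchange_code(client.code_from_callback(callback, state))
    person = client.api_get("/api/v2/desk/people/1.json", token)
    return login_url, token, person
```

Because the client is constructed once with the business subdomain (or none), the authorize URL and every API URL are derived from the same base, which enforces the rule that a token created on a business subdomain is only used against that subdomain. To run it against the real service, omit the `http` argument so the urllib transport is used.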