This guide walks you through the endpoints required for plugin authorization. For more details on setting up app authorization flows as a whole, check out our app authentication guide here.

Plugin OAuth server setup

For OAuth, you’ll need to support 4 endpoints:
  • Getting an authorization code grant
  • Requesting an access token using an authorization code
  • Requesting an access token using a refresh token
  • Revoking an access token
The endpoints must accept the requests outlined below and return responses minimally matching the outlined response shapes (additional attributes can be returned but we require at least what appears in these docs). The redirect URI we’ll use for all of our requests will be https://app.kit.com/apps/install. We’ll use Bearer Authorization to include the user’s access token on all the requests we make to your endpoints.
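The checks behind the four endpoints listed above, as an added Python sketch with no HTTP layer; it is not Kit's code and not part of the original guide. Only the redirect URI and the Bearer scheme come from this page: the parameter and field names follow standard OAuth 2.0 (RFC 6749 / RFC 6750) and are assumptions rather than Kit's required response shapes, as are the class name, the code lifetime and the in-memory storage.

```python
import hmac
import secrets
from urllib.parse import urlencode

KIT_REDIRECT_URI = "https://app.kit.com/apps/install"  # redirect URI stated in this guide
CODE_TTL = 60  # seconds; assumed authorization-code lifetime


class PluginAuthServer:
    """Hypothetical in-memory core of the four endpoints; `now` is Unix time from the caller."""

    def __init__(self, client_id, client_secret):
        self.client_id, self.client_secret = client_id, client_secret
        self.codes, self.refresh, self.access = {}, {}, {}  # token -> user_id (codes: + expiry)

    def authorize(self, params, user_id, now):
        # Exact string match only: no prefix, wildcard or host-only comparison.
        if params.get("redirect_uri") != KIT_REDIRECT_URI:
            raise ValueError("redirect_uri mismatch")
        if params.get("client_id") != self.client_id or params.get("response_type") != "code":
            raise ValueError("invalid authorization request")
        code = secrets.token_urlsafe(32)
        self.codes[code] = (user_id, now + CODE_TTL)
        return KIT_REDIRECT_URI + "?" + urlencode({"code": code, "state": params.get("state", "")})

    def token(self, params, now):
        secret = str(params.get("client_secret", "")).encode()
        if not hmac.compare_digest(secret, self.client_secret.encode()):  # constant-time compare
            raise ValueError("invalid_client")
        if params.get("grant_type") == "authorization_code":
            user_id, expiry = self.codes.pop(params.get("code"), (None, 0))  # single use
            if user_id is None or now > expiry or params.get("redirect_uri") != KIT_REDIRECT_URI:
                raise ValueError("invalid_grant")
        elif params.get("grant_type") == "refresh_token":
            user_id = self.refresh.pop(params.get("refresh_token"), None)  # rotated on use
            if user_id is None:
                raise ValueError("invalid_grant")
        else:
            raise ValueError("unsupported_grant_type")
        access, refresh = secrets.token_urlsafe(32), secrets.token_urlsafe(32)
        self.access[access], self.refresh[refresh] = user_id, user_id
        return {"access_token": access, "refresh_token": refresh, "token_type": "Bearer"}

    def user_for(self, authorization_header, revoke=False):
        """Resolve 'Authorization: Bearer <token>'; with revoke=True, also delete the token."""
        scheme, _, token = (authorization_header or "").partition(" ")
        if scheme.lower() != "bearer":
            return None
        return self.access.pop(token, None) if revoke else self.access.get(token)
```

A replayed or expired authorization code, a reused refresh token, and a revoked access token all fail closed here.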
A diagram of this flow for apps that only require Plugin OAuth authentication can be found below. For guidance on apps that also require API authentication, check out the app authentication guide here.