Authentication

The Movemint API uses OAuth 2.0 for authentication and authorization. All API entity requests require a valid Bearer token.

Supported Grant Types

Grant Type | Use Case
Authorization Code | Server-side applications that can securely store a client secret
Client Credentials | Machine-to-machine communication with no user context

Step 1: Register an OAuth Application

Contact the Movemint team to register your OAuth application. You will receive a Client ID (client_id) and Client Secret (client_secret). You must also provide one or more Redirect URIs where users will be sent after authorizing your application.

Step 2: Authorization Code Flow

Redirect the user's browser to the authorization endpoint:

GET https://www.movemint.cc/oauth/authorize
  ?client_id=YOUR_CLIENT_ID
  &redirect_uri=YOUR_REDIRECT_URI
  &response_type=code
  &scope=

After the user approves access, they are redirected back to your redirect_uri with the authorization code in the code query parameter:

https://your-app.com/callback?code=AUTHORIZATION_CODE

Step 3: Exchange the Code for Tokens

curl -X POST https://www.movemint.cc/oauth/token \
  -d grant_type=authorization_code \
  -d code=AUTHORIZATION_CODE \
  -d client_id=YOUR_CLIENT_ID \
  -d client_secret=YOUR_CLIENT_SECRET \
  -d redirect_uri=YOUR_REDIRECT_URI

Response:

Access tokens expire after 2 hours (7200 seconds) by default.

Step 4: Refresh an Expired Token

Step 5: Use the Token in API Requests

Include the access token as a Bearer token in the Authorization header:

Revoking Tokens

To revoke an access token or refresh token:

Obtain or refresh an access token

post

Exchange an authorization code or refresh token for an access token. This endpoint supports the authorization_code, refresh_token, and client_credentials grant types.

Body
Responses
200

Token issued successfully

application/json
access_token (string, required)

The access token to use in API requests

token_type (string, enum, required)

Always "Bearer"

Possible values: Bearer

expires_in (integer, required)

Token lifetime in seconds (default 7200 = 2 hours)

Example: 7200
refresh_token (string, optional)

Token used to obtain a new access token when the current one expires. Not present for client_credentials grants.

created_at (integer, required)

Unix timestamp of when the token was created

POST /oauth/token
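
The following Python sketch is an added example, not Movemint code. It validates a token response against the fields documented above, computes when the token expires, and builds the refresh request for Step 4. The 60-second refresh margin and the helper names are assumptions, and the refresh parameter names follow RFC 6749 section 6 rather than anything listed on this page.

```python
import time
from urllib.parse import urlencode

REQUIRED = ("access_token", "token_type", "expires_in", "created_at")


def parse_token_response(body):
    """Validate the documented response fields and compute an absolute expiry."""
    missing = [f for f in REQUIRED if f not in body]
    if missing:
        raise ValueError(f"token response missing fields: {missing}")
    if str(body["token_type"]).lower() != "bearer":
        raise ValueError("unexpected token_type")
    return {
        "access_token": body["access_token"],
        # Not present for client_credentials grants.
        "refresh_token": body.get("refresh_token"),
        "expires_at": int(body["created_at"]) + int(body["expires_in"]),
    }


def needs_refresh(token, now=None, skew=60):
    """True once the token is within `skew` seconds of expiry (assumed margin)."""
    now = time.time() if now is None else now
    return now >= token["expires_at"] - skew


def refresh_request_body(token, client_id, client_secret):
    """Form body for POST /oauth/token; names per RFC 6749 section 6 (assumed)."""
    if not token["refresh_token"]:
        raise ValueError("no refresh_token; request a new token with the original grant")
    return urlencode({
        "grant_type": "refresh_token",
        "refresh_token": token["refresh_token"],
        "client_id": client_id,
        "client_secret": client_secret,
    })


def auth_header(token):
    """Authorization header in the form the API expects (Step 5)."""
    return {"Authorization": f"Bearer {token['access_token']}"}


# Constructed sample response, not real token values.
SAMPLE = {"access_token": "constructed-access", "token_type": "Bearer",
          "expires_in": 7200, "refresh_token": "constructed-refresh",
          "created_at": 1700000000}

if __name__ == "__main__":
    tok = parse_token_response(SAMPLE)
    print(tok["expires_at"], needs_refresh(tok, now=1700000000))
```

Load client_id and client_secret from a secret store or environment variable at runtime, and keep the request body and the returned tokens out of application logs.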

Revoke a token

post

Revoke an access token or refresh token. After revocation, the token can no longer be used to access protected resources.

Body
token (string, required)

The access token or refresh token to revoke

client_id (string, required)

Your application's Client ID

client_secret (string, required)

Your application's Client Secret

Responses
200

Token revoked successfully (always returns 200, even if the token was already revoked)

No content

POST /oauth/revoke

Get token info

get

Retrieve metadata about the current access token, including its scopes, expiration, and associated resource owner and application.

Authorizations
Authorization (string, required)

Pass the access token in the Authorization header:

Authorization: Bearer YOUR_ACCESS_TOKEN
Responses
200

Token information

application/json
resource_owner_id (integer, int64, optional)

The ID of the athlete who authorized the token

scopes (string[], required)

List of scopes granted to this token

expires_in_seconds (integer, required)

Seconds until the token expires

created_at (integer, required)

Unix timestamp of when the token was created

GET /oauth/token/info