API Introduction

Authentication

Tagcash uses OAuth 2.0 for API authentication which is the latest standard

There are 3 ways in which you can do this:

  1. Authorization Code
  2. Client Credentials
  3. Implicit

1. Authorization Code

This type of authentication is mainly intended for server side applications that can keep their Client ID and Client Secret. For e.g. a PHP application whose code is not available to the public.

Step 1:
Using your client id you redirect to Tagcash login page where the user enters his log in details. He will be shown the permission required by the app. After that, the user will be redirected back to the app along with an authorization code.

Parameters:
Parameters:
Parameters are to be passed as GET
URL:
URL:
https://api.tagcash.com/oauth
client_id:
client_id:
[Generated by Tagcash API Developer page of Community]
redirect_uri:
redirect_uri:
[Set on Tagcash API Developer page of Community]
response_type:
response_type:
code
scope
scope:
space separated permissions [OPTIONAL]
state
state:
1381395146 [OPTIONAL] Random value to prevent CSRF attacks

Final URL:

Step 2:
The server side code of the app then uses this authorisation code along with the client id and secret to obtain the access token, which can be used in all subsequent requests.

Parameters:
Parameters:
Parameters are to be passed as POST
URL:
URL:
https://api.tagcash.com/oauth/accesstoken
client_id:
client_id:
[Generated by Tagcash API Developer page of Community]
client_secret:
client_secret:
[Generated by Tagcash API Developer page of Community]
grant_type:
grant_type:
authorization_code
redirect_uri:
redirect_uri:
[Set on Tagcash API Developer page of Community]
code
code:
[code from the redirect url]
2. Client Credentials

This kind of authentication is used when an app/community needs to log in on behalf of itself. It won't be able to switch to the user perspective though.

Parameters:
Parameters:
Parameters are to be passed as POST
URL:
URL:
https://api.tagcash.com/oauth/accesstoken
client_id:
client_id:
[Generated by Tagcash API Developer page of Community]
client_secret:
client_secret:
[Generated by Tagcash API Developer page of Community]
grant_type:
grant_type:
client_credentials
3. Implicit

This type of authentication is intended for client side application like the ones using JavaScript, which CANNOT keep their client id and client secret as secret. There is only one step involved in such applications. They directly get the token after the user approves them. In this case the access tokens would be short lived.

Parameters:
Parameters:
Parameters are to be passed as POST
URL:
URL:
https://api.tagcash.com/oauth
client_id:
client_id:
[Generated by Tagcash API Developer page of Community]
redirect_uri:
redirect_uri:
[Set on Tagcash API Developer page of Community]
scope
scope:
space separated permissions [OPTIONAL]
response_type:
response_type:
token

Final URL: