Resources
suzzy games provides support for OAuth2 allowing applications to use the API for authorization and retrieval of user data. It is recommended you Create an Application and store the given CLIENT_ID and CLIENT_SECRET for later use. OAuth2 URLs URL Description https://suzzygames.com/oauth2 Base Authorization URL https://apis.suzzygames.com/v1/oauth2/token Token URL https://apis.suzzygames.com/v1/oauth2/token/revoke Token Revocation URL
These endpoints will only accept the content type "application/x-www-form-urlencoded" OAuth2 Scopes A list of available scopes, some endpoints will return fields with a null value or return an error if a required scope is unavailable. Name Description identify Allows access to /users/@me endpoint email Allows /users/@me endpoint to return the user's email connections Allows access to /users/@me/applications endpoint
Authorization Code Grant
This is most commonly known as standard OAuth2, where the user follows an Authorization Flow in return for an access code which the application can exchange for the user's access token. All endpoints expect HTTP Basic Auth using your applications CLIENT_ID as the username and CLIENT_SECRET as the password Example Authorization URL https://suzzygames.com/oauth2?response_type=code&redirect_uri=https%3A%2F%2Fexample.org&client_id=1273&redirect_uri=https%3A%2F%2Fexample.org&scope=identify%20email&state=1734831153572 - response_type must always be code, as it is currently the only supported type. - redirect_uri is one of the Redirect URIs set in your application settings, url encoded. - client_id is your Application ID. - scope is a list of OAuth2 Scopes delimited by url encoded spaces (%20). - state is a unique string that will be returned if set. Example Redirect URL https://example.org?code=9AED9A46641F3E3F489523C643C177BB.oboQpOkOSQJvdYYa4WuPq8J3TaYqNgylfq97sa99DRk&state=1734831153572 The code can now be exchanged for a user's access token by making a POST request to the Token URL with the following parameters: - code - parameter taken from the query string - grant_type - value must be authorization_code - redirect_uri - the redirect_uri from the authorization url In response you will be bestowed an Access Token Response Access Token Response Name Type Description access_token string Token to include in authorization header token_type string String to prepend to token in authorization header expires_in number Seconds until access token expires refresh_token string Token to submit when making a refresh request scope string The relevant OAuth2 Scopes for this token (delimited with a space)
Refreshing Access Token Once an access token has expired you may refresh it by making a POST request to the Token URL with the following parameters: - grant_type - value must be refresh_token - refresh_token - the user's refresh token In response you will be bestowed a fresh Access Token Response Revoking Access Token You can revoke an access token by making a POST request to the Token Revocation URL with the following parameters: - token - the user's access token or refresh token