suzzy games provides support for OAuth2 allowing applications to
use the API for authorization and retrieval of user data.
It is recommended you
Create an Application
and store the given
CLIENT_ID and
CLIENT_SECRET for later use.
OAuth2 URLs
URL
Description
https://suzzygames.com/oauth2
Base Authorization URL
https://apis.suzzygames.com/v1/oauth2/token
Token URL
https://apis.suzzygames.com/v1/oauth2/token/revoke
Token Revocation URL
These endpoints will only accept the content type "application/x-www-form-urlencoded"
OAuth2 Scopes
A list of available scopes, some endpoints will return fields with a
null value or return an error if a required scope is unavailable.
Name
Description
identify
Allows access to /users/@me endpoint
email
Allows /users/@me endpoint to return the user's email
connections
Allows access to /users/@me/applications endpoint
This is most commonly known as standard OAuth2, where the user
follows an Authorization Flow in return for an access code which the
application can exchange for the user's access token.
All endpoints expect HTTP Basic Auth using your applications
CLIENT_ID as the username and CLIENT_SECRET as the password
Example Authorization URL
https://suzzygames.com/oauth2?response_type=code&redirect_uri=https%3A%2F%2Fexample.org&client_id=1273&redirect_uri=https%3A%2F%2Fexample.org&scope=identify%20email&state=1734831153572
- response_type must always be code, as it is currently the only supported type.
- redirect_uri is one of the Redirect URIs set in your application settings, url encoded.
- client_id is your Application ID.
- scope is a list of OAuth2 Scopes delimited by url encoded spaces (%20).
- state is a unique string that will be returned if set.
Example Redirect URL
https://example.org?code=9AED9A46641F3E3F489523C643C177BB.oboQpOkOSQJvdYYa4WuPq8J3TaYqNgylfq97sa99DRk&state=1734831153572
The code can now be exchanged for a user's access token by
making a POST request to the Token URL
with the following parameters:
- code - parameter taken from the query string
- grant_type - value must be authorization_code
- redirect_uri - the redirect_uri from the authorization url
In response you will be bestowed an Access Token Response
Access Token Response
Name
Type
Description
access_token
string
Token to include in authorization header
token_type
string
String to prepend to token in authorization header
expires_in
number
Seconds until access token expires
refresh_token
string
Token to submit when making a refresh request
scope
string
The relevant OAuth2 Scopes for this token (delimited with a space)
Refreshing Access Token
Once an access token has expired you may refresh it by making a
POST request to the Token URL with
the following parameters:
- grant_type - value must be refresh_token
- refresh_token - the user's refresh token
In response you will be bestowed a fresh Access Token Response
Revoking Access Token
You can revoke an access token by making a POST request to the
Token Revocation URL with the following
parameters:
- token - the user's access token or refresh token