OAuth 2.0

This specification explains how to get access to Karhoo API from third-party apps.

It is a complementary part of the Authentication API v1.0 which was primarily designed to obtain credentials required for accessing Karhoo API in backend-to-backend communication scenarios.

The following specification expands it further and addresses use cases of third-party web and mobile applications (clients) attempting to access Karhoo API. Furthermore, it enables federated identities (delegation scenarios) where users can be registered within external authentication systems rather than the Karhoo platform itself.

This specification is compliant with the OAuth 2.0 Authorization Framework spec.


Compatibility with Authentication API 1.0

Please bear in mind that the Identity API is a completely separate auth realm than the Authentication API 1.0.
They cannot be used interchangeably. As a result, it is impossible to:

  • get an access token on Authentication API and refresh this token on Identity API
  • get an access token on Authentication API and get corresponding user details on Identity API