Authorization Server Metadata

Returns the Authorization Server metadata document as specified by RFC 8414. Clients MUST use this endpoint to discover all endpoint URLs rather than hardcoding them. The response is public and cacheable for the duration of a session.

Response Body

`application/json`

curl -X GET "https://api.whatalo.com/.well-known/oauth-authorization-server"

{
  "issuer": "https://app.whatalo.com",
  "authorization_endpoint": "https://app.whatalo.com/oauth/authorize",
  "token_endpoint": "https://app.whatalo.com/oauth/token",
  "registration_endpoint": "https://app.whatalo.com/oauth/register",
  "introspection_endpoint": "https://app.whatalo.com/oauth/introspect",
  "revocation_endpoint": "https://app.whatalo.com/oauth/revoke",
  "response_types_supported": [
    "code"
  ],
  "grant_types_supported": [
    "authorization_code",
    "refresh_token"
  ],
  "code_challenge_methods_supported": [
    "S256"
  ],
  "token_endpoint_auth_methods_supported": [
    "client_secret_basic",
    "client_secret_post",
    "none"
  ],
  "introspection_endpoint_auth_methods_supported": [
    "client_secret_basic",
    "client_secret_post"
  ],
  "revocation_endpoint_auth_methods_supported": [
    "client_secret_basic",
    "client_secret_post"
  ],
  "scopes_supported": [
    "read:products",
    "write:products",
    "read:orders",
    "write:orders",
    "read:customers",
    "write:customers",
    "read:store",
    "write:store",
    "read:discounts",
    "write:discounts",
    "read:inventory",
    "write:inventory",
    "read:analytics",
    "read:webhooks",
    "write:webhooks"
  ],
  "subject_types_supported": [
    "public"
  ],
  "resource_parameter_supported": true,
  "service_documentation": "https://developers.whatalo.com/docs/api/oauth/overview",
  "op_policy_uri": "https://whatalo.com/legal/privacy",
  "op_tos_uri": "https://whatalo.com/legal/terms"
}

Response Body

200application/json

`application/json`