ENSign In
Referencia API.well-knownOauth authorization server

Authorization Server Metadata

Returns the Authorization Server metadata document as specified by RFC 8414. Clients MUST use this endpoint to discover all endpoint URLs rather than hardcoding them. The response is public and cacheable for the duration of a session.

GET
/.well-known/oauth-authorization-server

Response Body

application/json

curl -X GET "https://api.whatalo.com/.well-known/oauth-authorization-server"
{
  "issuer": "https://app.whatalo.com",
  "authorization_endpoint": "https://app.whatalo.com/oauth/authorize",
  "token_endpoint": "https://app.whatalo.com/oauth/token",
  "registration_endpoint": "https://app.whatalo.com/oauth/register",
  "introspection_endpoint": "https://app.whatalo.com/oauth/introspect",
  "revocation_endpoint": "https://app.whatalo.com/oauth/revoke",
  "response_types_supported": [
    "code"
  ],
  "grant_types_supported": [
    "authorization_code",
    "refresh_token"
  ],
  "code_challenge_methods_supported": [
    "S256"
  ],
  "token_endpoint_auth_methods_supported": [
    "client_secret_basic",
    "client_secret_post",
    "none"
  ],
  "introspection_endpoint_auth_methods_supported": [
    "client_secret_basic",
    "client_secret_post"
  ],
  "revocation_endpoint_auth_methods_supported": [
    "client_secret_basic",
    "client_secret_post"
  ],
  "scopes_supported": [
    "read:products",
    "write:products",
    "read:orders",
    "write:orders",
    "read:customers",
    "write:customers",
    "read:store",
    "write:store",
    "read:discounts",
    "write:discounts",
    "read:inventory",
    "write:inventory",
    "read:analytics",
    "read:webhooks",
    "write:webhooks"
  ],
  "subject_types_supported": [
    "public"
  ],
  "resource_parameter_supported": true,
  "service_documentation": "https://developers.whatalo.com/docs/api/oauth/overview",
  "op_policy_uri": "https://whatalo.com/legal/privacy",
  "op_tos_uri": "https://whatalo.com/legal/terms"
}