Points2shop OAuth API


The OAuth API allows you to access data that requires the user's permission. You can access the user's basic information, such as points, cash and merits, as well as more advanced data like the user's completed offers or the user's referrals.

In order to retrieve user's data, you will ALWAYS require the user's permission.

The process of obtaining the user's permission

  • To have a user grant permission to load his or her information, you'll have to send the user to a URL that consists of several parameters. Generally, a URL will look like this:


Explanation of the parameters in the URL:

  • client_id: your application's client ID. This ID can be found in the details of your application.
  • redirect_uri: one of the redirect_uris you have registered for your application
  • scope: the user's permissions you want to request. An overview of scopes can be found at the bottom of this document.

Authorization Flow

  • Once you send a user to the URL described above, it will show an authorization page where the scopes you have requested will be displayed. The user can either allow or reject the OAuth request.
  • If the user allows the permissions, the user will be redirected to the redirect_uri specified in the URL. For example, if you have sent the user to http://www.points2shop.com/oauth?client_id=your_client_id&redirect_url=http://example.com/back?&scope=basic_profile,email&response_type=code, the user will be redirected to http://example.com/back?code=somesecretcode. The code is required to verify the user validation request.
  • If the user rejects the permissions, the user will be redirected to the redirect_uri specified in the GET parameter. The parameter error=denied will be appended to the redirect_uri.
  • Once you have obtained the code, you can retrieve the OAuth access token by making an HTTP POST request to http://www.points2shop.com/oauth/token. Send the code you previously obtained in the POST parameter code. In addition to the code parameter, the POST data must contain your client_id and client_secret, which can both be found in the application details. In total, you'll send three POST parameters (code, client_id and client_secret) to validate the request. The script will return a response body containing a JSON object.

A sample response body looks like this:

{"access_token": "65ca86d35a5c101d5ca116d6ecaa994ae292bc10",
  "expires_in": 86029,
  "refresh_token": "0dacfb99d7be86ec896662e9eb2e5d3404d87e84"
}

Once you obtain the access token, you can query the server for user-granted resources. The access token has a lifetime of seven days. After the access token has expired, you can obtain a fresh access token by using your refresh token.

To obtain a fresh access token, send an HTTP POST request to http://www.points2shop.com/oauth/token. In your request, include the POST parameters refresh_token, client_id and client_secret. The response body contains an object in JSON format. The object includes the renewed access token.

A sample response body looks like this:

{"access_token": "65ca86d35a5c101d5ca116d6ecaa994ae292bc10",
  "expires_in": 85607,
  "refresh_token": "0dacfb99d7be86ec896662e9eb2e5d3404d87e84"
}
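
The flow above as an added Python example (not Points2shop's own code): it builds the permission URL, reads the code or error=denied from the redirect, builds the POST bodies for the token and refresh requests, and validates the JSON response. It assumes the parameter name redirect_uri from the parameter list and a comma-separated scope value as in the example URL; the function names are hypothetical and no request is sent.

```python
import json
import time
from urllib.parse import parse_qs, urlencode, urlsplit

AUTHORIZE_URL = "http://www.points2shop.com/oauth"    # endpoint as given on this page
TOKEN_URL = "http://www.points2shop.com/oauth/token"  # POST target for both token requests

def build_authorize_url(client_id, redirect_uri, scopes):
    """URL the user is sent to; urlencode() escapes the nested redirect_uri."""
    return AUTHORIZE_URL + "?" + urlencode({
        "client_id": client_id, "redirect_uri": redirect_uri,
        "scope": ",".join(scopes), "response_type": "code"})

def parse_callback(callback_url, registered_redirect_uri):
    """Return the code from the redirect, or None when the user rejected the request."""
    got, want = urlsplit(callback_url), urlsplit(registered_redirect_uri)
    if got[:3] != want[:3]:  # scheme, host and path must be the registered ones
        raise ValueError("callback does not match the registered redirect_uri")
    params = parse_qs(got.query)
    if params.get("error") == ["denied"]:
        return None
    codes = params.get("code", [])
    if len(codes) != 1:
        raise ValueError("expected exactly one code parameter")
    return codes[0]

def token_request_body(client_id, client_secret, code=None, refresh_token=None):
    """Form body for TOKEN_URL: the code (first exchange) or the refresh_token (renewal)."""
    if (code is None) == (refresh_token is None):
        raise ValueError("pass exactly one of code or refresh_token")
    grant = {"code": code} if code is not None else {"refresh_token": refresh_token}
    # client_secret travels only in the server-side POST body, never in a browser URL
    return urlencode({**grant, "client_id": client_id, "client_secret": client_secret})

def parse_token_response(body, now=None):
    """Check the JSON fields shown in the sample response and compute an absolute expiry."""
    data = json.loads(body)
    if not isinstance(data, dict):
        raise ValueError("token response is not a JSON object")
    for key in ("access_token", "refresh_token"):
        if not isinstance(data.get(key), str) or not data[key]:
            raise ValueError("token response lacks " + key)
    ttl = data.get("expires_in")
    if isinstance(ttl, bool) or not isinstance(ttl, int) or ttl <= 0:
        raise ValueError("token response has no usable expires_in")
    now = time.time() if now is None else now
    return {"access_token": data["access_token"],
            "refresh_token": data["refresh_token"], "expires_at": now + ttl}
```

Storing expires_at rather than expires_in lets the application decide when to send the refresh request without tracking when the token was issued.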


Overview of scopes:

  • basic_profile: user's id, username, first name and last name
  • email: user's email address
  • completed_offers: the offers the user has completed
  • referrals: information about user's referrals
  • add_shout: post message to shoutbox
  • read_message: read user's message
  • send_message: send message to other users
  • access_orders: access user's orders
  • games: view games, view tournaments for a game
  • notifications: access user's notifications
  • stats: access user's statistics

Accessing Protected Resources Using OAuth Access Token

Example scripts

Sample PHP Application To Demonstrate OAuth Usage
