Integrating your app with Loop and Tie has never been easier

Authorizing 3rd party applications to use your account is easy. To create an integration with Loop & Tie, contact support at [email protected]

Authorization Code Flow

When you register your application with Loop & Tie, we will issue you with a client_id and client_secret. We will use these later in the flow, to allow you to exchange an authorization_token for an access_token which you can use in requests to our API.

Requesting an authorization token

To request the authorization token, you should visit the /oauth2/authorize endpoint.

http://www.loopandtie.com/oauth2/authorize?client_id=YOUR_CLIENT_ID&redirect_uri=YOUR_REDIRECT_URI&response_type=code

If the user is not logged into the Loop and Tie website, they will be prompted to Log in, and then prompted to authorize your application to access their account.

872872

When the user clicks "Authorize" they will be redirect back to your specified redirect_url with an authorization_token as a parameter of the response, e.g.:

code=225bd83cfd7f20939916694fe1e7967ba63ccede80f7b8abfd5e79d22df068fe

Using this authorization_token (code), you should exchange this for an access_token for the user.

Requesting the access token

To retrieve the access_token for the user, you should send an HTTP POST request from your server, with the credentials supplied to you from Loop and Tie when you setup your app integration.

Using cURL, this might look like:

curl -X POST \
  https://www.loopandtie.com/oauth2/token \
  -F client_id=6d707fe6c4e0e66c31cae50f29bb50bee26d01ee28124050064dcbebe4b56d7a \
  -F client_secret=0200e9bcdb4a1e8798243306522cda45bf8cbe9209210cfdeb7017de10c20336 \
  -F code=777d8588b18023029da14506d881587ca3bf70f981823ba989a292282eeafea2 \
  -F grant_type=authorization_code \
  -F redirect_uri=https://your.site/redirect-uri

If successful, this will return you a payload containing an access_token.

{
  "access_token":"lt_yourawesomeapp_YyMTbOujweXw-GtkllEfZyM7GsY",
  "token_type":"bearer",
  "created_at":1529032029
}

You should use this token calls to the API, specifying it in the Authorization header, as a Bearer token, e.g.:

Authorization: Bearer de6780bc506a04bd9362820ba8aed28a71eedbe1c5c4f9dd350e54