Skip to content
/kontera/dev

Authorization

The public API offers authorization based on the OAuth 2.0 PKCE flow.

OAuth 2.0: Proof Key for Code Exchange (PKCE)

Please consult RFC 7636 for an in-depth explanation of the OAuth PKCE flow.

oauth-authorization-server.json
// app.kontera.ch/api/oauth/.well-known/oauth-authorization-server.json
{
    "issuer": "kontera",
    "authorization_endpoint": "https://app.kontera.ch/api/oauth/authorize",
    "token_endpoint": "https://app.kontera.ch/api/oauth/token",
    "token_endpoint_auth_methods_supported": ["client_secret_basic"],
    "token_endpoint_auth_signing_alg_values_supported": ["RS256"],
    "scopes_supported": ["api:documents:create", "api:transactions:create"],
    "response_types_supported": ["code", "code token"]
}