OAuth REST API
Open standard for secure API authorization
OAuth is an open standard protocol for secure authorization that enables applications to access user data without exposing passwords. It allows third-party services to exchange information on behalf of users through delegated access tokens. Developers use OAuth to implement secure authentication flows, integrate with social login providers, and build API authorization systems that protect user privacy while enabling seamless integrations.
https://authorization-server.com/oauth
API Endpoints
| Method | Endpoint | Description |
|---|---|---|
| GET | /authorize | Initiates the authorization flow by redirecting users to login and grant permissions |
| POST | /token | Exchanges authorization code for access token and refresh token |
| POST | /token/refresh | Obtains a new access token using a refresh token without user interaction |
| POST | /token/revoke | Revokes an access token or refresh token to terminate access |
| POST | /token/introspect | Validates and retrieves metadata about an access token |
| GET | /userinfo | Retrieves authenticated user profile information using access token |
| GET | /.well-known/oauth-authorization-server | Returns OAuth 2.0 server metadata and configuration details |
| POST | /device/code | Initiates device authorization flow for input-constrained devices |
| POST | /device/token | Polls for access token during device authorization flow |
| GET | /jwks | Returns JSON Web Key Set for token signature verification |
| POST | /client/register | Dynamically registers a new OAuth client application |
| GET | /client/{client_id} | Retrieves OAuth client configuration and metadata |
| DELETE | /client/{client_id} | Deletes an OAuth client registration |
Sponsor this page
AvailableReach developers actively building with OAuth. See live pageview data and self-serve checkout — your slot goes live in minutes.
View inventory & pricing →Code Examples
# Step 1: Get authorization code (redirect user to this URL)
# https://authorization-server.com/oauth/authorize?response_type=code&client_id=YOUR_CLIENT_ID&redirect_uri=https://yourapp.com/callback&scope=read write
# Step 2: Exchange code for token
curl -X POST https://authorization-server.com/oauth/token \
-H "Content-Type: application/x-www-form-urlencoded" \
-d "grant_type=authorization_code" \
-d "code=AUTHORIZATION_CODE" \
-d "redirect_uri=https://yourapp.com/callback" \
-d "client_id=YOUR_CLIENT_ID" \
-d "client_secret=YOUR_CLIENT_SECRET"
# Step 3: Use access token
curl -X GET https://api.example.com/resource \
-H "Authorization: Bearer ACCESS_TOKEN"Use OAuth from Claude / Cursor / ChatGPT
Get a hosted MCP endpoint for OAuth. Paste your OAuth API key, copy back one URL, drop it into Claude Desktop, Cursor, or any AI client that supports remote MCP. Your AI calls OAuth directly with your credentials — no local install, works on mobile.
oauth_authenticate_user
Initiates OAuth authorization flow and handles user authentication with automatic token management
oauth_refresh_token
Automatically refreshes expired access tokens using stored refresh tokens to maintain persistent access
oauth_introspect_token
Validates OAuth tokens and retrieves metadata including expiration, scopes, and user information
oauth_revoke_access
Revokes OAuth tokens to terminate user sessions and remove application access permissions
oauth_register_client
Dynamically registers new OAuth clients with custom configurations and callback URLs for multi-tenant applications
Connect in 60 seconds
Paste your OAuth key → get an MCP URL → paste into Claude/Cursor. Hosted by IOX, encrypted at rest.
Connect OAuth to your AI →