Authentication

Authenticate with Recon Instruments

Recon Instruments uses OAuth 2.0 to grant access to services and data within our platform.  All requests to the API are made over SSL (https://) in order to protect data during transfer.

Authentication is required for nearly all API calls to Recon Instruments.  We use the standard client_id and secret combination to identify your application with us.  When you make an API call you’ll append the access token with your request in the header as detailed in the documentation.

How do I obtain an access token?

1.  Make sure you have a valid application configured – Create your application here

*Make sure your callback URL starts with PROTOCOL:// (such as http:// or app binding scheme)

2.  Your application will make a request to authenticate a user using the following:

https://engage.reconinstruments.com/oauth2/?client_id={your_client_id}&client_secret={your_client_secret}&scope=users&response_type=code&redirect_uri={your_callback_url}

3. Recon will handle logging in and requesting permission on your behalf.

4. If the user grants you access then a callback will be posted to your defined URL with the URL parameter of ?code={your_code} appended.

5. The code you’ve received can now be exchanged for an access_token by posting to this URL as :

POST https://engage.reconinstruments.com/oauth2/access_token

Content-Type: application/x-www-form-urlencoded 

Post Fields:
client_id : {your_client_id}
client_secret: {your_client_secret}
redirect_uri: {your_redirect_uri}
grant_type: authorization_code
code: {your_code}

Scope (Permissions)

Scope allows you to specify the breadth of information you’re requesting from a user.  Currently, all applications share the “users” scope.  This allows you access their trip information as well as other metadata about the user and their friends.  In the future Recon will be expanding scope to allow more fine grained control for users and applications.

Have questions?  Head over to the forum to get answers!