OAuth 2.0

OAuth 2.0 is a protocol that lets external apps request authorization to private details in a user’s Xurrent account without getting their password. This is preferred over Basic Authentication because tokens can be limited to specific types of data, and can be revoked by users at any time.

Before getting started, developers need to register their application in the Applications console of their My Profile section. A registered OAuth application is assigned a unique Client ID and Client Secret. The Client Secret should not be shared.

Depending on the use case, either the Authorization Code Grant or the Client Credentials Grant should be used:

Service URL

In order to successfully perform OAuth requests, the Xurrent application requires the use of a OAuth service URL that references the instance of a specific environment and region:

Instance Environment Region
https://oauth.4me.com Production Global
https://oauth.au.4me.com Production Australia
https://oauth.uk.4me.com Production United Kingdom
https://oauth.ch.4me.com Production Switzerland
https://oauth.us.4me.com Production United States
https://oauth.4me.qa Quality Assurance Global
https://oauth.au.4me.qa Quality Assurance Australia
https://oauth.uk.4me.qa Quality Assurance United Kingdom
https://oauth.ch.4me.qa Quality Assurance Switzerland
https://oauth.us.4me.qa Quality Assurance United States
https://oauth.4me-demo.com Demo Global