
Authentication

The Capital Check In API uses the OAuth2 authorization code flow to control access to its endpoints.

OAuth2 Authentication

All API endpoints require authentication using OAuth2 access tokens obtained through the authorization code flow.

Getting an Access Token

To obtain an access token, complete the OAuth2 authorization code flow: send the user to the authorization endpoint, receive an authorization code on your redirect URI, then exchange that code at the token endpoint.

OAuth2 Flow

For OAuth2 authentication, use the following endpoints:
  • GET /oauth/authorize - Start the authorization flow. Redirect the user's browser here with your client_id, redirect_uri and a state value; on approval the user is sent back to your redirect URI with an authorization code and the same state value.
  • POST /oauth/token - Exchange the authorization code for an access token (and the refresh token used later to renew it).

OAuth2 Implementation Guide

Complete OAuth2 implementation guide with examples

Using Access Tokens

Once you have an access token, include it in the Authorization header:
Authorization: Bearer YOUR_ACCESS_TOKEN

Token Expiration

Access tokens have a limited lifespan. When a token expires, the API returns a 401 Unauthorized response. Use the refresh token issued alongside the access token to obtain a new access token instead of sending the user through the authorization flow again.

Security Best Practices

  • Never expose access tokens, refresh tokens or your OAuth2 client credentials in client-side code (browser JavaScript, mobile binaries); perform the code exchange from a server-side component
  • Store tokens securely (never in logs, URLs or version control) and rotate them regularly
  • Use HTTPS for all API requests, including the redirect URI that receives the authorization code
  • Implement proper error handling for authentication failures; treat a 401 as a signal to refresh the token, not to retry with the same one
  • Generate an unguessable state value for every authorization request, bind it to the user's session, and reject any callback whose state does not match; this is what prevents CSRF against the callback
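The whole flow described on this page, as an added example that is not part of the Capital Check In API's own documentation or SDK: a state-checked authorization URL and callback, the code exchange at POST /oauth/token, the Bearer header, and a 401-triggered refresh. Only the two endpoint paths come from the page; the base URL, client_id, client_secret, redirect_uri, the "/checkins" resource path, and the refresh request (grant_type=refresh_token POSTed to /oauth/token, as in RFC 6749 section 6) are assumptions. The FakeServer is a constructed stand-in so the code runs offline; pass a real HTTPS transport with the same (method, url, headers, body) signature to use it against the API.

```python
"""OAuth2 authorization-code client for the Capital Check In API.

Added example, not the project's own SDK. Only /oauth/authorize and
/oauth/token come from the documentation; the base URL, client credentials,
redirect URI, resource path and refresh request shape are assumptions.
"""
import hmac
import json
import secrets
import urllib.parse

AUTHORIZE_PATH = "/oauth/authorize"  # documented: start authorization flow
TOKEN_PATH = "/oauth/token"          # documented: exchange code for token

def generate_state():
    # Unguessable per-login value; keep it in the user's server-side session.
    return secrets.token_urlsafe(32)

def build_authorize_url(base_url, client_id, redirect_uri, state):
    params = {"response_type": "code", "client_id": client_id,
              "redirect_uri": redirect_uri, "state": state}
    return base_url.rstrip("/") + AUTHORIZE_PATH + "?" + urllib.parse.urlencode(params)

def parse_callback(callback_url, expected_state):
    # The constant-time state check is the CSRF defence: a forged callback
    # cannot carry the state value bound to this user's session.
    query = urllib.parse.parse_qs(urllib.parse.urlsplit(callback_url).query)
    if not hmac.compare_digest(query.get("state", [""])[0], expected_state):
        raise ValueError("state mismatch: possible CSRF or replayed callback")
    if "error" in query:
        raise ValueError("authorization failed: " + query["error"][0])
    code = query.get("code", [""])[0]
    if not code:
        raise ValueError("callback carried no authorization code")
    return code

def bearer_header(access_token):
    return {"Authorization": "Bearer " + access_token}

class ApiClient:
    # Holds the token pair server-side; on a 401 it refreshes and retries once.
    def __init__(self, base_url, client_id, client_secret, transport):
        if not base_url.startswith("https://"):
            raise ValueError("tokens must only travel over HTTPS: " + base_url)
        self.base_url = base_url.rstrip("/")
        self.client_id, self.client_secret = client_id, client_secret
        self.transport = transport  # callable(method, url, headers, body) -> (status, bytes)
        self.access_token = self.refresh_token = None

    def _token_request(self, **fields):
        fields.update(client_id=self.client_id, client_secret=self.client_secret)
        status, payload = self.transport(
            "POST", self.base_url + TOKEN_PATH,
            {"Content-Type": "application/x-www-form-urlencoded"},
            urllib.parse.urlencode(fields).encode())
        if status != 200:
            raise RuntimeError("token endpoint returned HTTP %d" % status)
        data = json.loads(payload)
        self.access_token = data["access_token"]
        self.refresh_token = data.get("refresh_token", self.refresh_token)
        return data

    def complete_login(self, code, redirect_uri):
        return self._token_request(grant_type="authorization_code",
                                   code=code, redirect_uri=redirect_uri)

    def get(self, path):
        url = self.base_url + path
        status, payload = self.transport("GET", url, bearer_header(self.access_token), None)
        if status == 401 and self.refresh_token:  # expired token: refresh, retry once
            self._token_request(grant_type="refresh_token", refresh_token=self.refresh_token)
            status, payload = self.transport("GET", url, bearer_header(self.access_token), None)
        return status, payload

class FakeServer:
    # Constructed in-memory stand-in for the API so the example runs offline.
    def __init__(self):
        self.issued, self.live_tokens = 0, set()

    def __call__(self, method, url, headers, body):
        if method == "POST" and urllib.parse.urlsplit(url).path == TOKEN_PATH:
            form = urllib.parse.parse_qs(body.decode())
            grant, code, rt = (form.get(k, [None])[0] for k in ("grant_type", "code", "refresh_token"))
            if (grant, code) != ("authorization_code", "code-123") and (grant, rt) != ("refresh_token", "rt-1"):
                return 400, b'{"error":"invalid_grant"}'
            self.issued += 1
            self.live_tokens.add("at-%d" % self.issued)
            return 200, json.dumps({"access_token": "at-%d" % self.issued, "token_type": "Bearer",
                                    "expires_in": 3600, "refresh_token": "rt-1"}).encode()
        if headers.get("Authorization", "")[len("Bearer "):] not in self.live_tokens:
            return 401, b'{"error":"invalid_token"}'
        return 200, b'{"checkins":[]}'

def demo():
    server = FakeServer()
    client = ApiClient("https://api.example.test", "my-client", "my-secret", server)
    state = generate_state()
    callback = "https://app.example.test/cb?" + urllib.parse.urlencode({"code": "code-123", "state": state})
    client.complete_login(parse_callback(callback, state), "https://app.example.test/cb")
    first = client.get("/checkins")[0]
    server.live_tokens.clear()           # simulate expiry of at-1
    second = client.get("/checkins")[0]  # 401 -> refresh -> retry with at-2
    return first, second, client.access_token
```

Two design points worth keeping when adapting this: the state value is compared with hmac.compare_digest and a mismatch is a hard failure, never a warning; and the client retries a 401 exactly once after refreshing, so a revoked refresh token surfaces as an error from the token endpoint instead of a retry loop.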