Authorization process
A Host will need to first create an account on Hostex. To initiate the authorization process, you must provide the Host with a button or link. This process consists of the following steps:
- Host clicks the authorization button or link.
- Host is redirected to the Hostex website. They must log in to their Hostex account if they are not already logged in.
- Host will then review the data your application is requesting access to and can allow or deny access.
- If Host allows access, they will be redirected to the Redirect URL configured in your app settings. This will produce an authorization code which you can exchange for an access and refresh token.
- If Host denies access, the authorization process terminates, and they will not connect to your application.
Use the access token obtained in step four to authenticate requests for this Host and refresh it every 7 days to maintain its validity. Please refer to the Obtain/Refresh Tokens API for more details.
Setup Redirect URL
Before integrating OAuth, you must configure your Redirect URL. This URL is where Hosts will be redirected after authorizing access.
To add or modify your Redirect URL, please contact Hostex Support. Manual approval is required to ensure security and proper setup.
Build your authorization link
You should allow Hosts to authorize your application from a browser using a GET request to the following URL:
https://hostex.io/app/authorization?client_id={your_client_id}&redirect_uri={your_redirect_url}&state={whatever_you_want}
The state parameter is a security feature in OAuth used to prevent cross-site request forgery (CSRF) attacks. It is a client-generated unique string included in the authorization request and returned in the callback response. The client must verify that the returned state matches the original value before proceeding.
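One way to implement the state handling described above, added here as an example and not Hostex's own code. The `session` argument is a hypothetical per-user server-side session store (a dict here), and the client id and callback URLs used with it are constructed values.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

AUTHORIZE_URL = "https://hostex.io/app/authorization"  # URL given on this page


def build_authorization_link(session, client_id, redirect_uri):
    """Create a fresh state, bind it to this browser session, return the link."""
    state = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
    session["oauth_state"] = state     # assumption: session is server-side storage
    query = urlencode({
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "state": state,
    })
    return f"{AUTHORIZE_URL}?{query}"


def verify_callback(session, callback_url):
    """Return the callback's query parameters only if state matches.

    The stored state is popped before the comparison, so each value is
    single-use whether or not the check succeeds.
    """
    expected = session.pop("oauth_state", None)
    params = parse_qs(urlsplit(callback_url).query)
    returned = params.get("state", [])
    if expected is None or len(returned) != 1:
        raise ValueError("missing or duplicated state")
    # Constant-time comparison of the stored and returned values.
    if not hmac.compare_digest(expected.encode(), returned[0].encode()):
        raise ValueError("state mismatch")
    return {key: values[0] for key, values in params.items()}
```

Call `verify_callback` at the top of the Redirect URL handler and only proceed to the token exchange when it returns without raising.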
Enabling Host disconnection
If a Host decides to stop using your application, you must fully disconnect them from your application.
To disconnect a Host, you can provide them with a disconnection button within your application. When a Host disconnects, your application should call the Delete/Revoke Token API to revoke their access and refresh tokens.
Alternatively, Hosts can disconnect from your application directly within their account settings on the Hostex website.