Some REST APIs require users to authorize your application to access their data.

To get the authorization, the application first prompts the user to provide credentials and authorize the application to access their data. If the authorization is successful, the application can get an authorization token to use the service in the user's account.

The implementation is typically done as follows:

  1. Redirect to Get the User Authorization
    1. Look into the API documentation, to understand how to get the user authorization;
    2. Add the logic to redirect to get the user authorization.
  2. Get the Authorization Token
    1. Look into the API documentation, to understand how you can invoke the REST API method;
    2. Define the REST API and REST API method. Use the information you found in the API documentation;
    3. Understand what is created.
  3. Use the Service
    1. Look into the API documentation, to understand how you can invoke the REST API Method;
    2. Define the REST API and REST API method. Use the information you found in the API documentation;
    3. Understand what is created;
    4. Use the REST API method in your application, with the authorization token attached to it.

Example

Imagine you want to build an application in OutSystems to list files you have stored in Box, a cloud storage and file sharing service, which provides a REST API.

1. Redirect to Get the User Authorization

1.1. Look Into the API Documentation

Go to the Box API documentation and understand how their REST API works:

    1. Navigate to a specific URL for the user to authenticate;
    2. Create a web screen for Box to navigate back to your application with an access code;
    3. Validate that the access code is yours;
    4. Use a REST API method with the access code to get the authorization token.

The Box API documentation states that you have to redirect to the following URL to get the user authorization:

https://www.box.com/api/oauth2/authorize?response_type=code&client_id=YOUR_CLIENT_ID&redirect_uri=YOUR_REDIRECT_URI&state=security_token

where:

YOUR_CLIENT_ID: the key assigned to the Box account of your application (you must have one created);

YOUR_REDIRECT_URI: the URL of the page in your application to which users are redirected after they have authorized your application to access their data;

state: a random security string that Box sends back together with the access code, so that you can validate that the access code is yours.

1.2. Add the Logic to Get the User Authorization

Create the BoxContent web screen to list the Box content and, in its preparation, navigate to the Box authorization URL so that the user can authenticate and authorize your application.

Set the External Site to navigate to the Box authorization URL: https://www.box.com/api/oauth2/authorize

Add the following parameters:

response_type: set to "code";

client_id: set with the key assigned to the Box account of your application (you have to have one created);

redirect_uri: This is the URL of the web screen to which Box navigates after the user has authorized:

MakeAbsoluteURL( GetOwnerURLPath() + "boxoauthcallback." + If(GetApplicationServerType()="J2EE","jsf","aspx") )

state: set an arbitrary string, for example, GeneratePassword(20,True). Store the string in a session variable to validate later when Box navigates back to your application with the access code.

Create a web screen called 'boxoauthcallback':

We will extend this screen flow later, using the REST API methods we create in the following sections.
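The redirect and the state check from steps 1.1 and 1.2, as an added Python sketch that is not OutSystems or Box code: it builds the authorization URL with the four parameters above, stores the state in the session, and rejects a callback whose state does not match. Assumptions: the session is a plain dict, the function names are hypothetical, `secrets.token_urlsafe` stands in for `GeneratePassword(20,True)`, and the access code arrives in the standard OAuth 2.0 `code` query parameter.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

AUTHORIZE_URL = "https://www.box.com/api/oauth2/authorize"  # URL given on this page


def build_authorization_redirect(session, client_id, redirect_uri):
    """Return the URL to redirect the user to; remember a fresh state in the session."""
    state = secrets.token_urlsafe(32)  # unpredictable value, new for every redirect
    session["oauth_state"] = state     # "oauth_state" is a hypothetical session key
    query = urlencode({
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "state": state,
    })
    return f"{AUTHORIZE_URL}?{query}"


def handle_callback(session, callback_url):
    """Check the state sent back with the access code; return the code or raise."""
    params = parse_qs(urlsplit(callback_url).query)
    returned = params.get("state", [""])[0]
    # pop() makes the stored state single-use, so a replayed callback is rejected.
    expected = session.pop("oauth_state", None)
    if not expected or not hmac.compare_digest(expected.encode(), returned.encode()):
        raise ValueError("state mismatch: this session did not start the authorization")
    codes = params.get("code", [])
    if len(codes) != 1:
        raise ValueError("callback does not carry exactly one access code")
    return codes[0]


if __name__ == "__main__":
    # Constructed sample values; the callback URL imitates what Box would navigate to.
    session = {}
    callback_page = "https://app.example/boxoauthcallback.aspx"
    print(build_authorization_redirect(session, "CONSTRUCTED_CLIENT_ID", callback_page))
    answer = callback_page + "?" + urlencode(
        {"code": "constructed-code", "state": session["oauth_state"]})
    print(handle_callback(session, answer))
```

The constant-time comparison and the single-use state are choices of this sketch; the page only requires that the stored string is validated when Box navigates back.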

2. Get the Authorization Token

2.1. Look Into the API Documentation

From the Box API documentation, the REST API Method to get the authorization token has the following specifications: