SeeClickFix currently supports the following authentication methods for access to API v2. 1. HTTP Basic Authentication 1. OAauth2 Authentication

HTTP Basic Authentication

This method is appropriate when the client has direct access to user credentials (username and password).

$ curl -u ""

OAuth2 Authentication

This method is appropriate when the client application is being used by multiple users and the user’s credentials should not be shared with the client directly.

SeeClickFix supports OAuth2’s “authorization code flow” as documented in RFC 6749

The Doorkeeper documentation provides some easier to read information regarding the sequence of API calls.

Before an application (API client) can use OAuth2 with SeeClickFix it must be registered with our system. Register your app by sending the following information to

  1. Name of Application
  2. Organization Name
  3. Technical Contact Name, Email, Phone
  4. Administrative Contact Name, Email, Phone
  5. The callback URI to be used during the authentication phase and token phase

SeeClickFix will register the application and return an application id and secret. The name of the application will be presented to users on authorization and deauthorization views and so should be selected such that users understand which application is accessing SeeClickFix services on their behalf.

With the id and secret, authentication and API access can proceed as follows:

  1. Client Application initiates browser access to SCF authentication endpoint
  1. SCF user enters SCF credentials and on success is redirected to Client Application Redirect URI with code

  2. Client Application uses code to request access token from SCF token endpoint. Doorkeeper example
  1. SCF returns access token to Client Application

  2. Client Application can now make API requests on behalf of the user, by including user’s access token. See RFC 6750 for options and detail for transmitting the access token to the API endpoints.