Marketplace applications make use of the standard OAuth2 Authorization Code flow:
1. Redirect the user to the authorization page
Redirect the user's browser to https://client.memo.bank/authorize with the following query parameters:
client_id— your application's client ID;redirect_uri— one of your registered redirect URIs;scope— space-separated list of requested scopes;state— an opaque value to maintain state between the request and callback.
2. User approves access
The user reviews the requested permissions and approves. They are then redirected to your redirect_uri with a code in the query parameters.
If the user denies the access or if an error occurs, they are redirected to your redirect_uri with an error and optionally an error_description in the query parameters.
3. Exchange the code with a token
Make a POST request to /oauth2/token using the authorization_code grant type, along with the code you received during the previous step, as well as your redirect_uri, client_id and client_secret.
See the API reference for the OAuth2 token endpoint below for more details.
4. Refresh your access tokens
Use the refresh_token grant type to obtain new access and refresh tokens without requiring the user to re-authorize your application.
Token lifetimes:
- Access token: 2 hours.
- Refresh token: 14 days (single use).
- Authorization code: 5 minutes (single use).