OAuth 2.0 authentication
How to authenticate against the EGreed platform using OAuth 2.0 and PKCE.
Updated June 29, 2026 6 min read
Overview
Every EGreed API accepts OAuth 2.0 bearer tokens. Public clients (mobile, SPA) must use PKCE; confidential clients (servers) use a client secret.
Authorization code flow
GET https://auth.egreedtech.org/authorize
?response_type=code
&client_id=YOUR_CLIENT_ID
&redirect_uri=https://yourapp.com/callback
&scope=cloud.read+ai.invoke
&code_challenge=...
&code_challenge_method=S256
Access and refresh tokens
Access tokens are valid for 1 hour; refresh tokens rotate on each use and are valid for 60 days of inactivity.
oauthauthapi