OAuth 2.0 authentication

How to authenticate against the EGreed platform using OAuth 2.0 and PKCE.

Updated June 29, 2026 6 min read

Overview

Every EGreed API accepts OAuth 2.0 bearer tokens. Public clients (mobile, SPA) must use PKCE; confidential clients (servers) use a client secret.

Authorization code flow

GET https://auth.egreedtech.org/authorize
  ?response_type=code
  &client_id=YOUR_CLIENT_ID
  &redirect_uri=https://yourapp.com/callback
  &scope=cloud.read+ai.invoke
  &code_challenge=...
  &code_challenge_method=S256

Access and refresh tokens

Access tokens are valid for 1 hour; refresh tokens rotate on each use and are valid for 60 days of inactivity.

oauthauthapi

Was this article helpful?

Related articles