OAuth 2.0

Visier supports OAuth 2.0 for authorizing access to a user's account and data.

OAuth 2.0 is an industry standard that allows applications to interact with another application on a user's behalf. With OAuth users can grant access to an application without ever having to share their password. For example, OAuth allows you to log into third-party applications with your Visier account without having to provide them with your Visier credentials. It also allows applications to access specific data and Visier APIs.

How OAuth works

OAuth uses access tokens instead of user credentials to create a layer of security between applications. OAuth defines the following roles:

  • Resource Owner: The end user who grants an application access to a protected resource such as personal information, data, or APIs.
  • Client: The application that requests access to the protected resource, which is hosted by another application on the resource server.
  • Authorization Server: The dedicated server that issues access tokens to the client after getting authorization from the resource owner.
  • Resource Server: The server that hosts the protected resource. It verifies the access token from the client and returns the appropriate access to the resource.

The authorization workflow consists of the following steps:

  1. The client requests authorization to access a protected resource on behalf of the resource owner.
  2. The resource owner is redirected to the authorization server, provides their credentials, and authorizes access to the client.
  3. The authorization server issues an access token to the client.
  4. The client uses the access token to access the resource server and protected resource.

Not only is OAuth convenient, but your Visier credentials are never sent to or stored by another application.

OAuth offers different flows (grants) that determine how the access token is retrieved. Visier supports both the Authorization Code (three-legged OAuth) and Password (two-legged OAuth) flows. However, Visier recommends the Authorization Code flow because it is more secure. The difference between the flows is the number of roles involved. With Authorization Code, as described in the workflow above, the resource owner grants a client access to a server. In the Password flow, the client requests access to the servers without the involvement of a resource owner. The Password flow is typically reserved for applications that require service accounts, which are not associated with any individual. For code samples that show how the different OAuth flows are implemented, see Visier API Samples.
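The four workflow steps above, walked through from the client's side of the recommended Authorization Code flow, as an added Python example that is not Visier's own code or part of Visier API Samples. The endpoint URLs, client ID, client secret and scope are placeholder assumptions, and the `state` parameter is the standard per-request value a client uses to tie the callback to the request it made; nothing is sent over the network.

```python
# Added example (not Visier's own code): a client-side walk through the
# Authorization Code flow. Endpoint URLs, client ID/secret and scope are
# placeholder assumptions; nothing is sent over the network.
import base64
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

AUTHORIZE_ENDPOINT = "https://auth.example.com/oauth2/authorize"  # placeholder
TOKEN_ENDPOINT = "https://auth.example.com/oauth2/token"  # placeholder


def new_state():
    """Random per-request value; the client stores it and checks it on return."""
    return secrets.token_urlsafe(32)


def build_authorize_url(client_id, redirect_uri, scope, state):
    """Step 1: send the resource owner to the authorization server to log in
    and approve the request. No user password passes through the client."""
    params = {"response_type": "code", "client_id": client_id,
              "redirect_uri": redirect_uri, "scope": scope, "state": state}
    return f"{AUTHORIZE_ENDPOINT}?{urlencode(params)}"


def parse_callback(callback_url, expected_state):
    """Step 2: the server redirects back with a one-time code. A callback whose
    state differs from what we sent is rejected as forged or replayed."""
    query = parse_qs(urlsplit(callback_url).query)
    if query.get("state", [None])[0] != expected_state:
        raise ValueError("state mismatch: callback not bound to our request")
    if "error" in query:
        raise ValueError(f"authorization denied: {query['error'][0]}")
    return query["code"][0]


def build_token_request(client_id, client_secret, code, redirect_uri):
    """Step 3: exchange the code for an access token. The client ID and secret
    authenticate the client in an HTTP Basic header, never in a URL."""
    creds = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    headers = {"Authorization": f"Basic {creds}",
               "Content-Type": "application/x-www-form-urlencoded"}
    body = urlencode({"grant_type": "authorization_code", "code": code,
                      "redirect_uri": redirect_uri})
    return TOKEN_ENDPOINT, headers, body


def bearer_headers(access_token):
    """Step 4: present the access token to the resource server."""
    return {"Authorization": f"Bearer {access_token}"}
```

A real client would POST the returned body to the token endpoint with the returned headers and keep the access token server-side; `parse_callback` is where a mismatched or missing `state` stops the flow.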

Client credentials

Before a client application can make a request on behalf of a Visier user, it must be registered with our authorization servers. After the application is successfully registered, it is assigned a client ID and a client secret. The client must provide the ID and secret to the authorization servers in order to get an access token. The servers use the ID and secret to authenticate the client. For registration instructions, see Register a Client Application.