1. RunSignup
  2. API
  3. OAuth2 Authentication
API Overview Getting Started API Keys OAuth2 Authentication Documentation API Methods Error Codes Code Examples

OAuth2 Authentication

RunSignUp supports OAuth2 authentication for secure API access. OAuth2 allows your application to access user data without requiring users to share their credentials with your application.

Quick Links

OAuth2 Flow Overview

RunSignUp implements the OAuth2 Authorization Code flow with PKCE (Proof Key for Code Exchange) support for enhanced security:

  1. Client Registration: Register your application to obtain client credentials.
  2. Authorization Request: Redirect users to RunSignUp authorization endpoint.
  3. User Authorization: User logs in and grants permissions to your application.
  4. Authorization Code: RunSignUp redirects back to your application with authorization code.
  5. Token Exchange: Exchange authorization code for access and refresh tokens.
  6. API Access: Use access token in Bearer authorization header for API calls.
  7. Token Refresh: Use refresh token to obtain new access tokens when needed.

Supported Scopes

Scope Description
rsu_api_read Read access to RunSignUp API resources.
rsu_api_write Write access to RunSignUp API resources.

Using Access Tokens

Once you obtain an access token, include it in the Authorization header of your API requests: 

Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9...

Complete Technical Specification

For complete implementation details including all endpoints, parameters, request/response formats, and error handling, see the OAuth2 OpenAPI Specification.

Getting Started

Ready to implement OAuth2 authentication? Start with the OAuth2 Developer Guide for step-by-step instructions, or view the OpenAPI specification for detailed technical documentation.

PKCE Support

RunSignUp supports PKCE (Proof Key for Code Exchange) for enhanced security, particularly recommended for public clients such as mobile applications and single-page applications that cannot securely store client secrets.

Token Lifetimes

Token Type Lifetime Usage
Access Token 1 month (2,592,000 seconds) Include in API request Authorization headers.
Refresh Token 20 years Use to obtain new access tokens.
Authorization Code 5 minutes Exchange for tokens immediately after receiving.

If you continue to use this site, you consent to use all cookies. We use cookies to offer you a better browsing experience. Read how we use cookies and how you can control them by visiting our Privacy Policy.

If you continue to use this site, you consent to use all cookies.