For Client-Side Applications
Harvest uses the Implicit Grant flow for client-side authorization.
1. Redirect users to Harvest to authorize their accounts with your application.
GET https://example.harvestapp.com/oauth2/authorize?client_id={client ID}&redirect_uri=https%3A%2F%2Fexample.com%2Fredirect_path&state=optional-csrf-token&response_type=token
To limit access to a single Harvest account, you can specify a specific web address in place of api.harvestapp.com.
2. Get the access token when Harvest redirects back to your application. Harvest sends it to your redirect URI as a hash parameter.
GET https://example.com/redirect_path#access_token={access token}&expires_in=64799&state=optional-csrf-token&token_type=bearer
3. Use the access token to send authorized requests to the Harvest API.
Note: the Content-Type and Accept headers for this request must be application/json or application/xml.
GET https://example.harvestapp.com/account/who_am_i?access_token={access token}
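The three steps above as client-side JavaScript, with the state value generated randomly and checked on return so that a response the application did not initiate is rejected. This is an added example, not code from Harvest; the helper names (newState, buildAuthorizeUrl, parseCallback, whoAmIRequest) are hypothetical, and the host is the example.harvestapp.com placeholder used on this page.

```javascript
// Added example: helper names are hypothetical, not part of the Harvest API.
const HARVEST_HOST = "https://example.harvestapp.com"; // host shown on this page

// Step 1a: unguessable per-login state value (Web Crypto, available in browsers).
function newState() {
  const bytes = globalThis.crypto.getRandomValues(new Uint8Array(16));
  return Array.from(bytes, (b) => b.toString(16).padStart(2, "0")).join("");
}

// Step 1b: authorization URL with the parameters listed in step 1.
function buildAuthorizeUrl(clientId, redirectUri, state) {
  const url = new URL("/oauth2/authorize", HARVEST_HOST);
  url.searchParams.set("client_id", clientId);
  url.searchParams.set("redirect_uri", redirectUri);
  url.searchParams.set("state", state);
  url.searchParams.set("response_type", "token");
  return url.toString();
}

// Step 2: read the fragment; reject the response unless state matches ours.
function parseCallback(callbackUrl, expectedState) {
  const params = new URLSearchParams(new URL(callbackUrl).hash.slice(1));
  if (!expectedState || params.get("state") !== expectedState) {
    throw new Error("state mismatch: response was not started by this session");
  }
  const accessToken = params.get("access_token");
  const expiresIn = Number(params.get("expires_in"));
  if (!accessToken || params.get("token_type") !== "bearer") {
    throw new Error("fragment does not carry a bearer access token");
  }
  if (!Number.isInteger(expiresIn) || expiresIn <= 0) {
    throw new Error("invalid expires_in");
  }
  return { accessToken, expiresIn };
}

// Step 3: request for who_am_i with the headers the note requires.
function whoAmIRequest(accessToken) {
  const url = new URL("/account/who_am_i", HARVEST_HOST);
  url.searchParams.set("access_token", accessToken);
  return {
    url: url.toString(),
    headers: { "Content-Type": "application/json", Accept: "application/json" },
  };
}
```

In a browser, save the value from newState() in sessionStorage before redirecting and pass location.href with the saved value to parseCallback on return. After parsing, history.replaceState(null, "", location.pathname) removes the token-bearing fragment from the address bar and history entry.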