Using OAuth 2.0
In order to use any of the Marq APIs, an app must have permission from the user to access their data. This permission can be granted with an OAuth2 access token. Details of the OAuth 2.0 authorization process can be found at https://oauth.net/2/.
Limitations
When accessing Marq APIs using OAuth 2.0, the following limitations apply:
- You must be a team admin in your Marq account in order to obtain the client ID and secret as described below.
- Only users in your account can use the app with your client ID and secret. If you would like to develop an app that all Marq users can use, please contact us.
- Authorization must happen in the browser, because a user must give consent for the client to access their information. For this reason, the authorization request cannot be made from Postman, curl, or some other HTTP client.
App registration
Permissions
Registering a new application requires Team Admin permissions for the Marq account.
To set up an app to use OAuth 2.0, perform the following steps:
- Obtain an OAuth 2.0 client ID and client secret from the account's Marq's team administration page.
- Register at least one redirect URI on that page. Marq will redirect the user to this location once they have granted access. This should be a URL that the app controls. Marq will append the authorization code to the URL in the code query parameter.
Test redirect URI
As a service, Marq provides a redirect uri that can be used to allow the user to copy the authorization code to the clipboard.
To use it, register the redirect URI:
https://app.marq.com/oauth2/clients/{client id}/redirect
When this redirect URI is used and a user grants access to the app, Marq will redirect the user to a page on our site where they can view and copy the authorization code.