StatPro Revolution Web API
Authorization using OAuth2
Registering a client application
Before registering a client application, its authors must decide upon the following:-
- its type
- its name
- its unique public identifier
- the individual who will be the administrator for the client application (must be a registered Revolution user)
- whether all users can use the application, or whether it is intended to be used only by users in the client's organization
- for a Server-Side Web application, its Redirect URI.
1. The application's type must be one of:- Server-Side Web application, Native application or Batch application. The differences between these types are explained on the Overview page.
2. The name should be descriptive; the maximum length is 120 characters; all characters must be within the %x20-7E range of Unicode code points (inclusive).
3. The public identifier must be unique to the application; the maximum length is 100 characters. All characters must be within the %x20-7E range of Unicode code points (inclusive). Public identifiers are treated case sensitively. (The registration process will inform you if the chosen identifier isn't unique.)
4. The administrator is the person within the client organization who will be the central point of contact for the application. The email address of the administrator is provided during registration. This person (and his/her email address) must be a registered user of the Revolution website. The application will be tied to this user's tenancy, which has implications for other registration details. Information regarding app registration will be sent to this email address.
5. The accessibility of the application denotes whether all users will be able to use the application, or whether it is intended to be used only by users in the client's organization. In the latter case, only those users who live in the same Revolution tenancy as the administrator (see above) will be allowed by the OAuth2 Server to grant access to the application.
6. For an application whose type is Server-Side Web application, the Redirect URI must be the address of the endpoint within the web app to which the OAuth2 Server will redirect in order to supply either an Authorization Response or an Error Response to an authorization request. (For more details see RFC 6749, subsection 4.1.2 and subsection 4.1.2.1.) The Redirect URI:-
   - must be absolute
   - must have the "https" scheme
   - must not contain a fragment
   - must not contain query strings
Example registration details:
- Name = Fictional Corp Analytics Mobile Web App
- Public id = FictionalAnalyticsMobWeb
- Type = Server-Side Web application
- Administrator = email@example.com
- Accessibility = Only users in the Fictional Corp tenancy (as opposed to All Users)
- Redirect URI = https://analytics.fictionalcorp.net/mobileweb/oauth2/receiveauthorization
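The constraints listed above can be checked locally before a registration request is emailed. The following is an added example, not StatPro code: the function names and dict keys are hypothetical, and it covers only the rules stated on this page (uniqueness of the public identifier and the administrator's Revolution account can only be checked by the registration process).

```python
from urllib.parse import urlsplit

APP_TYPES = {"Server-Side Web application", "Native application", "Batch application"}

def in_allowed_range(text):
    """True if every character lies in %x20-7E (inclusive)."""
    return all(0x20 <= ord(ch) <= 0x7E for ch in text)

def check_redirect_uri(uri):
    """Return the Redirect URI rules from the page that `uri` breaks."""
    broken = []
    try:
        parts = urlsplit(uri)
    except ValueError:  # e.g. a malformed bracketed host
        return ["must be absolute"]
    if not (parts.scheme and parts.netloc):
        broken.append("must be absolute")
    if parts.scheme.lower() != "https":
        broken.append('must have the "https" scheme')
    # Test the raw string so a bare trailing "#" or "?" is caught as well.
    if "#" in uri:
        broken.append("must not contain a fragment")
    if "?" in uri.split("#", 1)[0]:
        broken.append("must not contain query strings")
    return broken

def check_registration(reg):
    """Return a list of problems in a registration request (a plain dict)."""
    problems = []
    if reg.get("type") not in APP_TYPES:
        problems.append("type: not one of the three application types")
    for field, limit in (("name", 120), ("public_id", 100)):
        value = reg.get(field, "")
        if len(value) > limit:
            problems.append(f"{field}: longer than {limit} characters")
        if not in_allowed_range(value):
            problems.append(f"{field}: character outside %x20-7E")
    # Only Server-Side Web applications register a Redirect URI.
    if reg.get("type") == "Server-Side Web application":
        uri = reg.get("redirect_uri", "")
        problems += [f"redirect_uri: {rule}" for rule in check_redirect_uri(uri)]
    return problems

# The page's own example registration, as a dict with hypothetical key names.
EXAMPLE = {
    "type": "Server-Side Web application",
    "name": "Fictional Corp Analytics Mobile Web App",
    "public_id": "FictionalAnalyticsMobWeb",
    "redirect_uri": "https://analytics.fictionalcorp.net/mobileweb/oauth2/receiveauthorization",
}
print(check_registration(EXAMPLE))
```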
Currently there are no self-service Registration web pages for registering client applications, or for viewing and amending existing registrations. For now, please email firstname.lastname@example.org with a request to register a new client application, providing all of the information described above. Notification of a successful or failed registration will be sent to the administrator's email address (see point 4 above). A successful notification will include additional information and instructions. The additional information should be kept confidential, so the administrator email address should be chosen with care.
Last updated: September 2013