Register an OAuth application
OAuth client registration is currently invite-only.Email support@gumloop.com with your app name, use case, redirect URI(s), and logo. We’ll review and reach out with a
client_id.Redirect the user to Gumloop
When authorizing a user, redirect to the authorization endpoint with the correct parameters and scopes.Example
Handle the redirect
After the user approves your app, Gumloop redirects them back to yourredirect_uri with the authorization code and your state in the query string. Always validate that state matches the value you sent.
Exchange the code for tokens
Exchange thecode (plus your PKCE code_verifier) for an access token.
Example
Response
Make API requests
Pass the access token as a bearer header on every request, exactly like an API key:Refresh an access token
Whenexpires_in elapses, exchange the refresh token for a new access token.
