Quora

E-mail: ads-api-help@quora.com

Client registration

At the moment, registering an OAuth client requires contacting us using the email address above. Registration requires

  • At least one redirect URI, to which authorization codes may be sent
  • A Quora user to associate the client to
  • A name for your application

Once registration is complete, the associated user can view their client ID and client secret at https://www.quora.com/ads/oauth_client_data

Whereas the client ID may be shared, the client secret must be protected.

Authorization

When constructing an authorization request URI to direct a user to,

  • Specify the ads_read scope. There are no default scopes
  • We recommend specifying a unique state for each request and checking that the value is equal in the response

Example URI

https://www.quora.com/_/oauth/authorize

?client_id=28f50ac6edeb48b5a3025cc5c902d893

&redirect_uri=https%3A%2F%2Fexample.app%2Foauth%2Fcallback

&response_type=code

&scope=ads_read

&state=c3RhdGVzdGF0ZXN0YXRlc3RhdGVzdGF0ZXN0YXRl

After which, successful authorization should redirect the user to a URI with a code such as

https://example.app/oauth/callback

?code=RHCuU8DmhuYCIIMLXHGpPIwn0DIfcK

&state=c3RhdGVzdGF0ZXN0YXRlc3RhdGVzdGF0ZXN0YXRl

Tokens

When constructing a token request,

  • Specify the client secret by adding client_secret to the request body

For example, for requesting a first access and refresh token and its response,

curl -X POST \

    -d “client_id=28f50ac6edeb48b5a3025cc5c902d893” \

    -d “client_secret=ooouA7R0Ccwn9zzzTo8t–cHzcChbC9hH8tXCv5nmXU=” \

    -d “code=RHCuU8DmhuYCIIMLXHGpPIwn0DIfcK” \

    -d “grant_type=authorization_code” \

    –data-urlencode “redirect_uri=https://example.app/oauth/callback” \

https://www.quora.com/_/oauth/token

{

    ‘access_token’: ‘eyJhbGciOiJIUzI1NiIsInR5cCI6Ikp’,

    ‘expires_in’: 3600,

    ‘token_type’: ‘Bearer’,

    ‘scope’: ‘ads_read’,

    ‘state’: ‘test_state’,

    ‘refresh_token’: ‘jJFzQrky4Gvouz4K0FTYwJqoEjwSLz’

}

For requesting a new access token and its response,

curl -X POST \

    -d “client_id=28f50ac6edeb48b5a3025cc5c902d893” \

    -d “client_secret=ooouA7R0Ccwn9zzzTo8t–cHzcChbC9hH8tXCv5nmXU=” \

    -d “grant_type=refresh_token” \

    -d “refresh_token=jJFzQrky4Gvouz4K0FTYwJqoEjwSLz” \

https://www.quora.com/_/oauth/token

{

    ‘access_token’: ‘wpFbAfX3nJOBD7DvGhqVh3sQjUaYCZT’,

    ‘expires_in’: 3600,

    ‘token_type’: ‘Bearer’,

    ‘scope’: ‘ads_read’,

    ‘refresh_token’: ‘1BfFAGRNJru1LTz78BzhT3ZgLsT09z’

}

When receiving a new access token, you will also receive a new refresh token. Use the new one for future requests and discontinue use of the old one.

Notes

  • Authorization codes, access tokens, and refresh tokens are 30 characters.
  • Client IDs are 32 characters.
  • Client secrets are 44 characters.
Security scheme type:OAuth2
authorizationCode OAuth FlowAuthorization URL: https://www.quora.com/_/oauth/authorize Token URL: https://www.quora.com/_/oauth/token Refresh URL: https://www.quora.com/_/oauth/token Scopes: ads_read –  Read Ads Manager data
Cookie Value: