E-mail: ads-api-help@quora.com
Client registration
At the moment, registering an OAuth client requires contacting us using the email address above. Registration requires
- At least one redirect URI, to which authorization codes may be sent
- A Quora user to associate the client to
- A name for your application
Once registration is complete, the associated user can view their client ID and client secret at https://www.quora.com/ads/oauth_client_data
Whereas the client ID may be shared, the client secret must be protected.
Authorization
When constructing an authorization request URI to direct a user to,
- Specify the ads_read scope. There are no default scopes
- We recommend specifying a unique state for each request and checking that the value is equal in the response
Example URI
?client_id=28f50ac6edeb48b5a3025cc5c902d893
&redirect_uri=https%3A%2F%2Fexample.app%2Foauth%2Fcallback
&response_type=code
&scope=ads_read
&state=c3RhdGVzdGF0ZXN0YXRlc3RhdGVzdGF0ZXN0YXRl
After which, successful authorization should redirect the user to a URI with a code such as
?code=RHCuU8DmhuYCIIMLXHGpPIwn0DIfcK
&state=c3RhdGVzdGF0ZXN0YXRlc3RhdGVzdGF0ZXN0YXRl
Tokens
When constructing a token request,
- Specify the client secret by adding client_secret to the request body
For example, for requesting a first access and refresh token and its response,
curl -X POST \
-d “client_id=28f50ac6edeb48b5a3025cc5c902d893” \
-d “client_secret=ooouA7R0Ccwn9zzzTo8t–cHzcChbC9hH8tXCv5nmXU=” \
-d “code=RHCuU8DmhuYCIIMLXHGpPIwn0DIfcK” \
-d “grant_type=authorization_code” \
–data-urlencode “redirect_uri=https://example.app/oauth/callback” \
{
‘access_token’: ‘eyJhbGciOiJIUzI1NiIsInR5cCI6Ikp’,
‘expires_in’: 3600,
‘token_type’: ‘Bearer’,
‘scope’: ‘ads_read’,
‘state’: ‘test_state’,
‘refresh_token’: ‘jJFzQrky4Gvouz4K0FTYwJqoEjwSLz’
}
For requesting a new access token and its response,
curl -X POST \
-d “client_id=28f50ac6edeb48b5a3025cc5c902d893” \
-d “client_secret=ooouA7R0Ccwn9zzzTo8t–cHzcChbC9hH8tXCv5nmXU=” \
-d “grant_type=refresh_token” \
-d “refresh_token=jJFzQrky4Gvouz4K0FTYwJqoEjwSLz” \
{
‘access_token’: ‘wpFbAfX3nJOBD7DvGhqVh3sQjUaYCZT’,
‘expires_in’: 3600,
‘token_type’: ‘Bearer’,
‘scope’: ‘ads_read’,
‘refresh_token’: ‘1BfFAGRNJru1LTz78BzhT3ZgLsT09z’
}
When receiving a new access token, you will also receive a new refresh token. Use the new one for future requests and discontinue use of the old one.
Notes
- Authorization codes, access tokens, and refresh tokens are 30 characters.
- Client IDs are 32 characters.
- Client secrets are 44 characters.
Security scheme type: | OAuth2 |
authorizationCode OAuth Flow | Authorization URL: https://www.quora.com/_/oauth/authorize Token URL: https://www.quora.com/_/oauth/token Refresh URL: https://www.quora.com/_/oauth/token Scopes: ads_read – Read Ads Manager data |
Leave a Reply