Skip to content

OAuth 2.0

Integrate your application with Archilogic using OAuth 2.0 to access floor plans, spaces, and building data on behalf of users.

Authorization Code Flow

Archilogic supports the OAuth 2.0 authorization code flow. For server-to-server integrations, use Secret Access Tokens instead.

1. Authorization

<endpoint>/oauth/authorize?
  response_type=code&
  client_id=YOUR_CLIENT_ID&
  state=RANDOM_STATE_VALUE

Users will be prompted to approve permissions on first authorization. After consent, they're redirected to your redirect_uri with an authorization code.

2. Token Exchange

bash
curl -X POST <endpoint>/oauth/token \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d "grant_type=authorization_code" \
  -d "code=AUTHORIZATION_CODE"

Returns:

json
{
  "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "token_type": "bearer"
}

INFO

Authorization codes expire after 5 minutes. Access tokens are long-lived.

3. API Access

bash
curl -H "Authorization: Bearer YOUR_ACCESS_TOKEN" \
  "https://api.archilogic.com/v2/floor/FLOOR_ID"

Configuration

Scopes

OAuth applications use the same scopes as secret access tokens. Configure scopes when registering your application with Archilogic support.

Managing Consents

Users can view and revoke application permissions at any time through their Archilogic account settings.

Application Registration

To register your OAuth application, contact Archilogic support with:

  • Application name
  • Redirect URI(s)
  • Required scopes

Rate Limiting

OAuth tokens follow standard API rate limits.

Error Codes

Error CodeDescriptionSolution
invalid_clientClient authentication failedVerify client ID
invalid_grantAuthorization code is invalid/expired (codes expire after 5 minutes)Request new authorization
invalid_scopeRequested scope is invalidUse supported scopes only
access_deniedUser denied authorizationHandle gracefully in your app
server_errorInternal server errorRetry with exponential backoff