Judge.me uses OAuth to let App Developers access its API. This system helps App Developers get permission from stores to create Apps using an API token. This way, you can make secure requests to Judge.me's API based on how stores behave.
In this guide, we'll show you how to set up OAuth in Judge.me step by step.
Step 1: Create an App in Judge.me
Visit judge.me/login and input your email address to log in as a reviewer.
Judge.me will send a "magic link" to your email. Follow the link to proceed with the login process.
After logging in, access this link to create a new app: https://judge.me/profile/apps/new
Complete the required fields and click Create.
After creating your app, click the "edit" icon to find the Client ID and Secret. You'll use these for authorization and getting an access token later on.
Step 2: Identify the Scopes
Scopes define what your app can access, and stores control these permissions.
Request only the scopes you need for a higher chance of approval.
Here's a list of the Judge.me API scopes; make sure to use the correct names:
Step 3: Build the Authorization URL to Redirect Stores to Judge.me
Judge.me OAuth follows the OAuth 2.0 standard.
Any OAuth 2.0 guide can serve as a reference.
Construct an authorization URL to redirect stores to Judge.me.
This URL includes parameters identifying your app and defining the permissions (scopes) requested from the stores.
When stores click the authorization URL, your app redirects them to Judge.me. The URL loads the OAuth grant screen, requesting stores to authorize the specified scopes.
Authorization URL format
Example of a real authorization URL
Parameters in the authorization URL
Every connected app is identified by a client_id. You can find this value when editing your app in Judge.me.
redirect_uri is the endpoint that Judge.me will use to send authorization confirmation with the authorization code back to your app server.
scope is the list of permissions that your app requests the stores to approve.
response_type will be set to code, indicating that the application expects to receive an authorization code if successful.
You can send a random value as state when starting the authorization request and, when Judge.me responds, check that the returned state matches that value before accepting the authorization code.
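The sketch below is an added example, not code from Judge.me: it builds the authorization URL from the parameters listed above and accepts a callback's code only when the returned state matches the stored one. AUTHORIZE_ENDPOINT, the client ID, the app.example URLs and the space-delimited scope format are assumptions; take the real values from Judge.me's documentation and your app settings.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Placeholder (assumption): replace with the authorization endpoint Judge.me documents.
AUTHORIZE_ENDPOINT = "https://AUTHORIZATION-ENDPOINT.example/placeholder"


def build_authorization_url(client_id, redirect_uri, scopes):
    """Return (url, state); keep state in the user's server-side session."""
    state = secrets.token_urlsafe(32)  # unguessable, one per authorization attempt
    params = {
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": " ".join(scopes),  # assumption: space-delimited, as in OAuth 2.0
        "response_type": "code",
        "state": state,
    }
    return f"{AUTHORIZE_ENDPOINT}?{urlencode(params)}", state


def code_from_callback(callback_url, expected_state):
    """Return the authorization code only if state matches the stored value."""
    query = parse_qs(urlsplit(callback_url).query)
    returned_state = query.get("state", [""])[0]
    # Compare as bytes in constant time; an empty stored state never matches.
    if not expected_state or not hmac.compare_digest(
            returned_state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: discard this callback")
    codes = query.get("code", [])
    if len(codes) != 1:
        raise ValueError("callback must carry exactly one code")
    return codes[0]


if __name__ == "__main__":
    # Constructed values for illustration only.
    url, state = build_authorization_url(
        "CLIENT_ID_PLACEHOLDER", "https://app.example/callback",
        ["read_products", "read_reviews"])
    print(url)
    callback = f"https://app.example/callback?code=SAMPLE_CODE&state={state}"
    print(code_from_callback(callback, state))
```

Discard the stored state after one use so a replayed callback cannot be accepted a second time.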
Example of a callback from Judge.me with an authorization code to your app
Step 4: Exchange for a Permanent Access Token
Next, exchange the authorization code for a permanent access token, allowing API calls within defined scopes. For this exchange, you'll need:
client_id (from step 1)
client_secret (from step 1)
code (from step 3)
redirect_uri (link to your app server)
The client_id and client_secret are the values you got in step 1 when creating the app. The code is the authorization code you received in step 3. The redirect_uri is the link to your app server.
An Illustration of a Judge.me Response:
With this access token, you can call the relevant APIs on the Judge.me platform:
When you use APIs within your allowed scope, you can get the data you need. For example, if your scope includes the "read_products" API, you can get product information.
On the other hand, if you try to use APIs not in your scope, you'll get an error. For instance, if "read_reviews" isn't in your scope and you try to use it, you'll see an error message saying, "You can't access this resource."