Basic Steps

All applications follow the same basic steps when accessing the MindMeister OAuth 2.0 API. These steps are:

1. Register your client application

Register an OAuth 2.0 client application here to obtain a client ID and a client secret. For details, read "Register your application".

2. Obtain an access token from the MindMeister authorization server

Use one of the supported OAuth 2.0 flows to receive an access token. If the client application is a web app, it should use the authorization code flow. Client-side JavaScript applications should use the implicit flow. If the client application only needs access on its own behalf, without access to user-related data, the client credentials flow is sufficient.
The MindMeister API additionally provides the ability to create personal access tokens without prior application registration. These tokens can only be used to access the API on the user's own behalf.

3. Interact with API endpoints using access tokens

The access token allows requests to protected user resources. To authorize an API request, the access token has to be sent in the Authorization header using the Bearer scheme.

GET /api/v2/resource/1 HTTP/1.1
Authorization: Bearer ACCESS_TOKEN


It's also possible to provide the access token in the query string, e.g. /api/v2/resource/1?access_token=ACCESS_TOKEN. This is not recommended: the access token might be exposed to the end user or any other unauthorized party, and user agents might cache the query string together with the base URL.
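The following is an added example, not MindMeister's own code. It shows one way a client can enforce the header-only rule above and scrub tokens from URLs before they reach a log. The host api.example.invalid is a placeholder (the page gives only the path), and the helper names are hypothetical.

```python
import urllib.request
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Assumption: placeholder host; the page only shows the path /api/v2/resource/1.
API_BASE = "https://api.example.invalid"
TOKEN_PARAM = "access_token"  # query parameter name used on the page


def has_query_token(url: str) -> bool:
    """Return True if the URL carries an access_token query parameter."""
    query = urlsplit(url).query
    return any(k == TOKEN_PARAM for k, _ in parse_qsl(query, keep_blank_values=True))


def redact_query_token(url: str) -> str:
    """Replace any access_token value so the URL is safe to log."""
    parts = urlsplit(url)
    pairs = [(k, "REDACTED" if k == TOKEN_PARAM else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(pairs)))


def build_request(path: str, access_token: str) -> urllib.request.Request:
    """Build a GET request that carries the token only in the Authorization header."""
    url = API_BASE + path
    if has_query_token(url):
        # Refuse the discouraged form; never echo the token in the error text.
        raise ValueError("token in query string: " + redact_query_token(url))
    if not access_token or any(c.isspace() for c in access_token):
        # Whitespace (including CR/LF) in the token would corrupt the header.
        raise ValueError("access token must be a single non-empty value")
    headers = {"Authorization": "Bearer " + access_token}
    return urllib.request.Request(url, headers=headers, method="GET")


if __name__ == "__main__":
    # Constructed sample values; no network traffic is sent.
    req = build_request("/api/v2/resource/1", "ACCESS_TOKEN")
    print(req.get_method(), req.full_url, req.get_header("Authorization"))
    leaked = API_BASE + "/api/v2/resource/1?access_token=ACCESS_TOKEN&page=2"
    print(redact_query_token(leaked))
```

The same `redact_query_token` helper can be applied to request URLs in access-log or error-reporting pipelines, where query strings are commonly recorded verbatim.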