Endpoints
The base url is always https://www.mindmeister.com. Make sure that you always use SSL.
Authorization endpoint
Path: /oauth2/authorize
| Parameter | Description |
|---|---|
| respsonse_type | The value must be either code for the authorization code flow or token for the implicit flow. |
| client_id | The client identifier, which is received during the registration of the application. |
| client_secret | The client secret which is obtained together with the client ID. It is only required in the case of the implicit flow. |
| scope | The requested scopes separated by space, e.g. 'userinfo.email mindmeister'. |
| redirect_uri | The redirect URI of the client application which is set during the client registration. |
Token endpoint
Path: /oauth2/token
| Parameter | Description |
|---|---|
| grant_type | The value must be either authorization_code for the authorization code flow or client_credentials for the client credentials flow |
| code | The code obtained from the authorization request. Only required with the authorization code flow. |
| client_id | The client identifier, what is received during the registration of the application. |
| client_secret | The client secret which is obtained together with the client ID. It is not required in case of the implicit flow. |
| scope | The requested scopes separated by space, e.g. 'userinfo.email mindmeister'. |
| redirect_uri | The redirect URI of the client application what is set during the client registration. |
Token info endpoint
Path: /oauth2/token/info
Shows details about the token used for authorization.
GET /oauth2/token/info HTTP/1.1
Host: www.mindmeister.com
Authorization: Bearer ACCESS_TOKEN
{
"resource_owner_id" : 1,
"scope" : ["userinfo.email", "userinfo.profile", "mindmeister"],
"expires_in_seconds" : 863,
"application" : {
"uid" : 19
}
}
The token info endpoint works only with access tokens which are neither expired nor revoked.
Revoke token endpoint
Path: /oauth2/revoke
| Parameter | Description |
|---|---|
| client_id | The client identifier, what is received during the registration of the application. |
| client_secret | The client secret which is obtained together with the client ID. |
| token | The access token to be revoked. |
The response is always a HTTP 200 OK, even if the token doesn't exist or is revoked already.
Updated over 5 years ago