Endpoints

The base URL is always https://www.mindmeister.com. Make sure that you always use SSL.

Authorization endpoint

Path: /oauth2/authorize

| Parameter | Description |
| --- | --- |
| response_type | The value must be either code for the authorization code flow or token for the implicit flow. |
| client_id | The client identifier, which is received during the registration of the application. |
| client_secret | The client secret which is obtained together with the client ID. It is only required in the case of the implicit flow. |
| scope | The requested scopes separated by space, e.g. 'userinfo.email mindmeister'. |
| redirect_uri | The redirect URI of the client application which is set during the client registration. |

Token endpoint

Path: /oauth2/token

| Parameter | Description |
| --- | --- |
| grant_type | The value must be either authorization_code for the authorization code flow or client_credentials for the client credentials flow. |
| code | The code obtained from the authorization request. Only required with the authorization code flow. |
| client_id | The client identifier, which is received during the registration of the application. |
| client_secret | The client secret which is obtained together with the client ID. It is not required in case of the implicit flow. |
| scope | The requested scopes separated by space, e.g. 'userinfo.email mindmeister'. |
| redirect_uri | The redirect URI of the client application which is set during the client registration. |

Token info endpoint

Path: /oauth2/token/info

Shows details about the token used for authorization.

GET /oauth2/token/info HTTP/1.1
Host: www.mindmeister.com
Authorization: Bearer ACCESS_TOKEN

{
	"resource_owner_id" : 1,
	"scope" : ["userinfo.email", "userinfo.profile", "mindmeister"],
	"expires_in_seconds" : 863,
	"application" : {
		"uid" : 19
	}
}

The token info endpoint works only with access tokens which are neither expired nor revoked.
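
A client-side check built on the token info response shown above, as an added example (not MindMeister's own code): it rejects a token that lacks a required scope, was issued to a different application, or is about to expire. The function names, the `min_ttl` threshold and the reading of `application.uid` as the identifier of your registered application are assumptions; the page does not say which status code an expired or revoked token yields, so any HTTP error is treated as a rejection.

```python
import json
import urllib.error
import urllib.request

BASE_URL = "https://www.mindmeister.com"  # base URL from the page


def token_info_request(access_token):
    """Build (but do not send) the GET /oauth2/token/info request."""
    return urllib.request.Request(
        BASE_URL + "/oauth2/token/info",
        headers={"Authorization": "Bearer " + access_token},
        method="GET",
    )


def fetch_token_info(access_token, timeout=10):
    """Return the parsed token info, or None when the endpoint rejects the token."""
    # Assumption: the page does not name the error status, so any HTTP error
    # is read as "token expired, revoked or unknown".
    try:
        with urllib.request.urlopen(token_info_request(access_token), timeout=timeout) as resp:
            return json.load(resp)
    except urllib.error.HTTPError:
        return None


def check_token_info(info, required_scopes, expected_app_uid, min_ttl=60):
    """Return the reasons to reject the token; an empty list means accept."""
    if info is None:
        return ["token is expired, revoked or unknown"]
    problems = []
    missing = set(required_scopes) - set(info.get("scope", []))
    if missing:
        problems.append("missing scopes: " + ", ".join(sorted(missing)))
    # Assumption: application.uid identifies the application the token was issued to.
    if info.get("application", {}).get("uid") != expected_app_uid:
        problems.append("token was issued to a different application")
    if info.get("expires_in_seconds", 0) < min_ttl:
        problems.append("token expires in under %d seconds" % min_ttl)
    return problems


# Constructed sample: the response body shown on this page.
SAMPLE = json.loads('{"resource_owner_id": 1, "scope": ["userinfo.email", '
                    '"userinfo.profile", "mindmeister"], "expires_in_seconds": 863, '
                    '"application": {"uid": 19}}')
```

Call `check_token_info(fetch_token_info(token), ...)` before acting on a token received from a browser or another service, and refuse the request when the returned list is not empty.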

Revoke token endpoint

Path: /oauth2/revoke

| Parameter | Description |
| --- | --- |
| client_id | The client identifier, which is received during the registration of the application. |
| client_secret | The client secret which is obtained together with the client ID. |
| token | The access token to be revoked. |

The response is always an HTTP 200 OK, even if the token doesn't exist or has already been revoked.