Endpoints

The base url is always https://www.mindmeister.com. Make sure that you always use SSL.

Authorization endpoint

Path: /oauth2/authorize

ParameterDescription
respsonse_typeThe value must be either code for the authorization code flow or token for the implicit flow.
client_idThe client identifier, which is received during the registration of the application.
client_secretThe client secret which is obtained together with the client ID. It is only required in the case of the implicit flow.
scopeThe requested scopes separated by space, e.g. 'userinfo.email mindmeister'.
redirect_uriThe redirect URI of the client application which is set during the client registration.

Token endpoint

Path: /oauth2/token

ParameterDescription
grant_typeThe value must be either authorization_code for the authorization code flow or client_credentials for the client credentials flow
codeThe code obtained from the authorization request. Only required with the authorization code flow.
client_idThe client identifier, what is received during the registration of the application.
client_secretThe client secret which is obtained together with the client ID. It is not required in case of the implicit flow.
scopeThe requested scopes separated by space, e.g. 'userinfo.email mindmeister'.
redirect_uriThe redirect URI of the client application what is set during the client registration.

Token info endpoint

Path: /oauth2/token/info

Shows details about the token used for authorization.

GET /oauth2/token/info HTTP/1.1
Host: www.mindmeister.com
Authorization: Bearer ACCESS_TOKEN
{
	"resource_owner_id" : 1,
	"scope" : ["userinfo.email", "userinfo.profile", "mindmeister"],
	"expires_in_seconds" : 863,
	"application" : {
		"uid" : 19
	}
}

📘

The token info endpoint works only with access tokens which are neither expired nor revoked.

Revoke token endpoint

Path: /oauth2/revoke

ParameterDescription
client_idThe client identifier, what is received during the registration of the application.
client_secretThe client secret which is obtained together with the client ID.
tokenThe access token to be revoked.

The response is always a HTTP 200 OK, even if the token doesn't exist or is revoked already.