This document describes the technical setup of AthleteMonitoring’s (AM) OAuth flow. Please contact us at support@athletemonitoring.com for further information.


Step 1

To begin the OAuth flow, make an HTTP POST redirect to the endpoint below:

https://www.athletemonitoring.in/auth/am_auth.php


The body of your POST request must contain the following three parameters:


transaction_id

provider_key 

redirect_url 


transaction_id - An alphanumeric code that you include in the POST body. Once the OAuth flow is completed, we return this transaction_id to you. That way you can verify that the OAuth response you have received belongs to an OAuth session initiated by your system. This ensures the integrity of the system.


provider_key - A unique alphanumeric code which AM will share with you. This enables the AM system to identify the origin of the OAuth request.


redirect_url - The URL to which you want the user to be redirected once the OAuth flow is complete.


Step 2

Once you initiate the request, the user will see the AM OAuth login page. On this page, the user fills in their credentials. The credentials are verified, and the user is redirected to the redirect_url you provided in the request.


Step 3

The AM system will include the following parameters in the POST body when redirecting the user to the redirect_url you provided:


mode - This parameter will have a value of either 1 or 2. 1 indicates that the user has been verified correctly. 2 indicates that the user could not be verified (e.g. they entered incorrect login credentials). Note that if mode = 2, the token_data parameter will be blank.


transaction_id - The transaction_id that you included in the POST body when you initiated the OAuth flow. It should match the original value you sent. That way you will be able to verify the integrity of the OAuth flow.


token_data - The unique API token for the user who has just completed the OAuth flow. You will need to save this token_data value in your system and use it for all subsequent API requests in which you send session data as a FIT or JSON file to AM.
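
The sketch below shows one way an integrator could issue the transaction_id in Step 1 and validate the Step 3 POST body before saving token_data. It is an added example, not AM's code. The in-memory pending store, the session ids, the 10-minute lifetime, the single-use rule, the provider key placeholder and the callback URL are assumptions; only the endpoint and the parameter names come from this document.

```python
import hmac
import secrets
import time

AM_AUTH_ENDPOINT = "https://www.athletemonitoring.in/auth/am_auth.php"  # from this document
PROVIDER_KEY = "PROVIDER-KEY-PLACEHOLDER"                # issued by AM; placeholder value
REDIRECT_URL = "https://integrator.example/am/callback"  # constructed for the example
TRANSACTION_TTL = 600  # seconds; an assumption, the document sets no lifetime


class CallbackRejected(Exception):
    """Raised when the Step 3 POST body must not be trusted."""


def begin_flow(pending, session_id):
    """Build the three Step 1 POST fields and remember the transaction_id."""
    transaction_id = secrets.token_hex(16)  # 32 alphanumeric characters from a CSPRNG
    pending[session_id] = (transaction_id, time.time())
    return {
        "transaction_id": transaction_id,
        "provider_key": PROVIDER_KEY,
        "redirect_url": REDIRECT_URL,
    }


def handle_callback(pending, session_id, post_body, now=None):
    """Validate the Step 3 POST body; return token_data or raise CallbackRejected."""
    now = time.time() if now is None else now
    # pop() makes the transaction_id single-use, so a replayed callback fails.
    expected = pending.pop(session_id, None)
    if expected is None:
        raise CallbackRejected("no flow in progress for this session")
    transaction_id, issued_at = expected
    if now - issued_at > TRANSACTION_TTL:
        raise CallbackRejected("transaction expired")
    returned = str(post_body.get("transaction_id", ""))
    # Constant-time comparison of the returned value with the one we issued.
    if not hmac.compare_digest(returned.encode(), transaction_id.encode()):
        raise CallbackRejected("transaction_id mismatch")
    if str(post_body.get("mode", "")) != "1":
        raise CallbackRejected("user not verified")  # mode 2: token_data is blank
    token_data = post_body.get("token_data", "")
    if not token_data:
        raise CallbackRejected("mode is 1 but token_data is blank")
    return token_data
```

Binding the transaction_id to the user's own session means a callback delivered to a different browser session is rejected, even if it carries a transaction_id your system issued.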