Authentication

Client-side flow

The client-side flow is very similar to the server-side flow. It uses the same concept of redirects, and you should make yourself familiar with the server-side flow first. The only difference between the two is the response_type parameter. For the client-side flow it must be set to "token":

https://podio.com/oauth/authorize?response_type=token&client_id=YOUR_APP_ID&redirect_uri=YOUR_URL&scope=SCOPE_STRING

Note: Repeated request and response parameters are discarded; only the value of the last occurrence of each parameter is used.

When Podio redirects back to your app, the access token is available immediately in the fragment identifier of the URL. The URL looks like this:

http://YOUR_URL#access_token={access_token}&token_type={token_type}&expires_in={expires_in}&refresh_token={refresh_token}&scope={granted_scope_string}

Parse the fragment identifier to get the access token.

See Scopes & Permissions for details about the value of granted_scope_string.
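
One way to parse the fragment identifier described above, as an added example that is not Podio's own code. The function names and the sample redirect are hypothetical and constructed for illustration; keeping the last value of a repeated parameter on the client side, and removing the fragment from the address bar after reading it, are assumptions of this example.

```javascript
// Added example; parseAuthFragment and consumeAuthFragment are hypothetical names.
// Constructed sample redirect (not real credentials); access_token is repeated on purpose.
const SAMPLE_REDIRECT = 'http://app.example/callback#access_token=stale&token_type=bearer' +
  '&expires_in=3600&refresh_token=r-456&scope=sample%20scope&access_token=t-123';

// Parse the fragment of a redirect URL into a token record, or null if no token is present.
function parseAuthFragment(url, now = Date.now()) {
  const hashIndex = url.indexOf('#');
  if (hashIndex === -1) return null;
  const fields = new Map();
  // Map.set overwrites, so the LAST value of a repeated parameter wins, in line
  // with the note above; URLSearchParams.get() would return the first one instead.
  for (const [key, value] of new URLSearchParams(url.slice(hashIndex + 1))) {
    fields.set(key, value);
  }
  if (!fields.get('access_token')) return null;
  const expiresIn = Number.parseInt(fields.get('expires_in'), 10);
  return {
    accessToken: fields.get('access_token'),
    tokenType: fields.get('token_type') || null,
    refreshToken: fields.get('refresh_token') || null,
    scope: fields.get('scope') || '',
    // Absolute expiry (ms since epoch); null when expires_in is missing or invalid.
    expiresAt: Number.isFinite(expiresIn) && expiresIn > 0 ? now + expiresIn * 1000 : null,
  };
}

// Browser entry point: read the token, then drop the fragment from the address
// bar and the current history entry so the token is not left in a copyable URL.
function consumeAuthFragment(win) {
  const auth = parseAuthFragment(win.location.href);
  if (auth) {
    win.history.replaceState(null, '', win.location.pathname + win.location.search);
  }
  return auth;
}

// In a page: const auth = consumeAuthFragment(window);
```
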