Authentication

Client-side flow

The client-side flow is very similar to the server-side flow. It uses the same concept of redirects, so familiarize yourself with the server-side flow first. The only difference between the two is the response_type parameter. For the client-side flow it must be set to "token":

https://podio.com/oauth/authorize?response_type=token&client_id=YOUR_APP_ID&redirect_uri=YOUR_URL&scope=SCOPE_STRING

When Podio redirects back to your app, the access token is available immediately in the fragment identifier. The URL looks like this:

http://YOUR_URL#access_token={access_token}&token_type={token_type}&expires_in={expires_in}&refresh_token={refresh_token}&scope={granted_scope_string}

Parse the fragment identifier to get the access token.

See Scopes & Permissions for details about the value of granted_scope_string.
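
One way to parse the fragment identifier described above, as an added example (not code from Podio). The function names, the choice of which fields to treat as required, and the sample URL are assumptions made for illustration; the parameter names come from the redirect URL shown above.

```javascript
// Added example: parse the fragment Podio appends to redirect_uri in the
// client-side flow. Treating these three fields as required is an assumption.
const REQUIRED = ["access_token", "token_type", "expires_in"];

function parsePodioFragment(redirectUrl, now = Date.now()) {
  const hash = new URL(redirectUrl).hash.replace(/^#/, "");
  if (!hash) throw new Error("redirect carried no fragment");
  const params = new URLSearchParams(hash); // also percent-decodes the values
  for (const name of REQUIRED) {
    if (!params.get(name)) throw new Error("missing " + name);
  }
  const expiresIn = Number(params.get("expires_in"));
  if (!Number.isInteger(expiresIn) || expiresIn <= 0) {
    throw new Error("expires_in is not a positive integer");
  }
  return {
    accessToken: params.get("access_token"),
    tokenType: params.get("token_type"),
    expiresAt: now + expiresIn * 1000, // absolute expiry, ms since epoch
    refreshToken: params.get("refresh_token"), // null if absent
    scope: params.get("scope") || "",
  };
}

// Browser helper (hypothetical name): read the token, then drop the fragment so
// it does not stay in the address bar, history entries, or copied links.
function consumeRedirect(win) {
  const token = parsePodioFragment(win.location.href);
  win.history.replaceState(null, "", win.location.pathname + win.location.search);
  return token;
}

// Constructed sample redirect; every value here is made up.
const SAMPLE_REDIRECT =
  "https://app.example/callback?tab=1#access_token=constructed-token" +
  "&token_type=bearer&expires_in=28800&refresh_token=constructed-refresh" +
  "&scope=constructed_scope";

if (typeof window !== "undefined" && window.location.hash) {
  const token = consumeRedirect(window);
  console.log("token expires at", new Date(token.expiresAt).toISOString());
}
```

In the browser, call consumeRedirect(window) once on the page served at redirect_uri and keep the result in memory rather than re-reading the URL.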