Podio API Documentation

OAuth authorization

This API uses OAuth 2.0 (http://oauth.net/2/) to authenticate users of the API. Draft-10 of the specification is currently supported. It is recommended to read http://tools.ietf.org/html/draft-ietf-oauth-v2-10.

Authorizing

To be able to access the API, a third party will have to register with Podio. This will result in a client being created, which can then be used when authenticating. Authentication can be done in one or two steps:

One step 

This is only valid for trusted clients. When validating in one step, the client contacts the token endpoint directly with the mail and password of the end-user and receives an access token in return.

Two step

This is for all other clients. When validating, the user is sent to a Podio web page along with the client id and any state. The user then logs in as normal and either grants or denies access for the client. If access is granted, the user is sent back to the redirect URL along with an authorization code. In the second step, the client calls the token endpoint with the code from step one to get an access token.

Two step authorization is not yet completed!
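The two-step flow described above, seen from the client side, as an added example that is not part of the Podio documentation. It binds a random state value to the user's session before the redirect and rejects any callback whose state does not match. The endpoint URL, client values and function names are placeholders, and the parameter names are those of OAuth 2.0 draft-10, assumed here to apply to Podio.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

# Placeholder endpoint and client values (assumptions, not from the Podio docs).
AUTHORIZE_URL = "https://podio.example/oauth/authorize"
CLIENT_ID = "example-client-id"
CLIENT_SECRET = "example-client-secret"
REDIRECT_URI = "https://client.example/callback"


def start_authorization(session):
    """Step one: build the URL the user is sent to, with a state bound to the session."""
    state = secrets.token_urlsafe(32)
    session["oauth_state"] = state
    query = urlencode({
        "response_type": "code",  # draft-10 parameter names (assumed for Podio)
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "state": state,
    })
    return f"{AUTHORIZE_URL}?{query}"


def handle_callback(session, callback_url):
    """Validate the redirect, then return the form body for the token endpoint."""
    params = parse_qs(urlsplit(callback_url).query)
    expected = session.pop("oauth_state", None)  # single use: a replay finds nothing
    received = params.get("state", [""])[0]
    if expected is None or not hmac.compare_digest(expected.encode(), received.encode()):
        raise ValueError("state mismatch: callback does not belong to this session")
    if "error" in params:  # draft-10 reports a denied request this way (assumed)
        raise PermissionError(params["error"][0])
    code = params.get("code", [""])[0]
    if not code:
        raise ValueError("no authorization code in callback")
    # Step two: a form-encoded POST body keeps the code and secret out of URLs.
    return urlencode({
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": REDIRECT_URI,
        "client_id": CLIENT_ID,
        "client_secret": CLIENT_SECRET,
    })
```
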

Accessing

When accessing any protected resource of the API, the access token will have to be included in the request as a parameter with the name "oauth_token". This can be either as part of the URI when posting or form-encoded otherwise.