
API apps

Simplify tracking with API apps

Updated yesterday

The YesWeHack API gives you read-only access to the data and most of the activity of all the business units and programs you are invited to. To use this API, you must create an application (an “API app”) on your YesWeHack profile (note: you can create as many as you want). Authentication is handled via the OAuth 2.0 protocol, ensuring secure and authorized access to your data.


How to set an API app

⚠️ First of all, you must contact your CSM and provide your YesWeHack username to request use of API apps. Your CSM will set the necessary permissions and provide you with a value to set in each request of your application.

ℹ️ Details on our API Apps documentation, here.

Now, you can create new API apps:

  • Click on “My YesWeHack Tools” in the dropdown menu at the top right

A new “API apps” tab has appeared in your “YesWeHack tools”

  • Click on “Create new app”

  • Fill in the API app creation form: Name, Domain and Redirect URI

  • Click on “Create”

A new app is now available in your YesWeHack tools. You can access your Client_ID and Client_Secret for use in the OAuth process.

ℹ️ You can create as many API Apps as needed.


OAuth process

  • Go to the “Authorization URL” as documented below. You will be asked to authorize the app to access your information.

  • You'll be redirected to the URI you specified upon creation, and your backend will have to call the Token URL as documented below in order to get the token.

ℹ️ OAuth 2 is used with the authorization code grant flow.

Parameters

Authorization URL

Authorization is done on our domain yeswehack.com.
Authorization URL must have the following parameters in the query string:

  • response_type with the value code,

  • client_id with the client identifier,

  • redirect_uri with the client redirect URI.

Example:

GET /oauth/authorize?client_id=[client_id]&redirect_uri=[redirect_uri]&response_type=code HTTP/1.1 
Host: yeswehack.com

Token generation

Tokens are generated with the endpoint https://apps.yeswehack.com/oauth/v2/token.
The token request must be a POST with the following parameters in the body:

  • client_id with the client identifier,

  • client_secret with the client secret,

  • code with the code previously generated by the authorization URL,

  • grant_type with authorization_code,

  • redirect_uri with the client redirect URI.

Example:

POST /oauth/v2/token HTTP/1.1
Host: apps.yeswehack.com
Content-Type: application/x-www-form-urlencoded

client_id=[client_id]&client_secret=[client_secret]&code=[code]&grant_type=authorization_code&redirect_uri=[redirect_uri]

Token refresh

Tokens can be refreshed with the endpoint https://apps.yeswehack.com/oauth/v2/token.
Renew the access token when the previous one has expired. This lets you keep valid access without further interaction with the user. The token refresh request must be a POST with the following parameters in the body:

  • client_id with the client identifier,

  • client_secret with the client secret,

  • refresh_token with the refresh_token value returned by the POST /oauth/v2/token endpoint,

  • grant_type with refresh_token,

  • redirect_uri with the client redirect URI.

Example:

POST /oauth/v2/token HTTP/1.1
Host: apps.yeswehack.com
Content-Type: application/x-www-form-urlencoded

client_id=[client_id]&client_secret=[client_secret]&refresh_token=[refresh_token]&grant_type=refresh_token&redirect_uri=[redirect_uri]

Security Scheme Type: OAuth2

Flow type: authorizationCode

Authorization URL: https://apps.yeswehack.com/oauth/v2/authorize

Token URL: https://apps.yeswehack.com/oauth/v2/token
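The three requests described above, sketched as a backend helper. This is an added example, not YesWeHack's own code: the function names are hypothetical, the authorization URL is the one from the scheme summary just above, and the JSON shape of the token response is assumed to follow standard OAuth 2.0.

```python
"""Added example: authorization code grant against the endpoints listed on this page."""
import json
import urllib.parse
import urllib.request

AUTHORIZE_URL = "https://apps.yeswehack.com/oauth/v2/authorize"
TOKEN_URL = "https://apps.yeswehack.com/oauth/v2/token"


def authorization_url(client_id, redirect_uri):
    """URL the user opens to approve the app (response_type=code)."""
    query = urllib.parse.urlencode(
        {"response_type": "code", "client_id": client_id, "redirect_uri": redirect_uri}
    )
    return f"{AUTHORIZE_URL}?{query}"


def code_from_callback(callback_url, redirect_uri):
    """Extract ?code= from the redirect, rejecting callbacks on another URI."""
    got, want = urllib.parse.urlsplit(callback_url), urllib.parse.urlsplit(redirect_uri)
    if (got.scheme, got.netloc, got.path) != (want.scheme, want.netloc, want.path):
        raise ValueError("callback does not match the registered redirect URI")
    codes = urllib.parse.parse_qs(got.query).get("code", [])
    if len(codes) != 1:
        raise ValueError("expected exactly one code parameter")
    return codes[0]


def token_request(client_id, client_secret, redirect_uri, *, code=None, refresh_token=None):
    """Build the POST for the token endpoint: exchange a code, or refresh."""
    if (code is None) == (refresh_token is None):
        raise ValueError("pass exactly one of code or refresh_token")
    form = {"client_id": client_id, "client_secret": client_secret, "redirect_uri": redirect_uri}
    if code is not None:
        form.update(grant_type="authorization_code", code=code)
    else:
        form.update(grant_type="refresh_token", refresh_token=refresh_token)
    body = urllib.parse.urlencode(form).encode()  # secret stays in the body, never the URL
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    return urllib.request.Request(TOKEN_URL, data=body, headers=headers, method="POST")


def fetch_tokens(request):
    """Send the request; a JSON response is an assumption (standard OAuth 2.0)."""
    with urllib.request.urlopen(request, timeout=10) as resp:
        return json.loads(resp.read())
```

Load the client secret from the backend's secret store or environment rather than from source code, and keep the returned tokens server-side.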
