Setting Up an App

App registration is done at https://btibadges.io/developer. All authentication requests must be for a specific app.

Client IDs

To initiate an authentication request with BitBadges, ensure you correctly fill in the clientId field in your application's request. The clientId is a unique identifier assigned to your application when you register it with BitBadges. This identifier is crucial for the authentication process, allowing BitBadges to recognize your application and process authentication requests accordingly.

Client Secrets

The clientSecret is a cryptographic key provided by BitBadges upon registering your application. It is used alongside the clientId to authenticate requests made from your application to the BitBadges API. You must keep your clientSecret confidential and never expose it in client-side code or any place where it might be accessed by unauthorized users. Treat your clientSecret as securely as you would treat a password to ensure the security of your application's interactions with BitBadges.

In order to fetch the authentication details for any user of your application, you must prove that you know the clientSecret.

Redirect URIs

Redirect URIs are specified endpoints in your application where users will be redirected after they have authenticated with BitBadges. These URIs must be pre-registered in your BitBadges application settings. It is critical to ensure these URIs are secure and exactly match the ones listed in your application settings to prevent redirect attacks.

Always use HTTPS to protect the data integrity and confidentiality of the sensitive information exchanged during the redirect process.

Last updated