Get authorization code

The Nextdoor APIs use the OAuth 2.0 protocol to authorize API requests.

Authorization for the Share API is user-based and involves:

  1. Applying for access and getting your client id and secret
    1. Please apply here
  2. Generating an authorization code for your user
  3. Exchanging the authorization code for a bearer token.
  4. Including your access token in the header of your API requests

Authorization Code

The first part is getting an authorization code for your user:

  1. Redirect your user to https://www.nextdoor.com/v3/authorize/?scope=openid%20post:write%20post:read%20comment:write&client_id={client_id}&redirect_uri={your_callback_url}

    1. redirect_uri should be the same one(s) you submitted in the form
    2. The available scopes are:
      • openid: Always include this
      • publish_api: Include this super scope if you are interested in all the following features.
      • post:write: Include this scope if you are interested in creating, deleting, or editing posts
      • post:read: Include this scope if you are interested in reading post data
      • comment:write: Include this scope if you are interested in creating, deleting, or editing comments
      • profile:read: Include this scope if you are interested in getting information on the authenticated user (unique user identifier, name, profile picture, etc.)
      • agency.boundary:read: Include this scope if you are interested in creating geo-targeted agency posts.
      • profile: Include this scope if you only want to use the /me and /me/profiles endpoints for user verification purposes.
  2. After a user accepts or allows access, our server will redirect the user back to {redirect_uri}?code={authorization_code}

    1. Your server should handle {redirect_uri} and look for the authorization code in the query parameter
    2. You should configure the Access-Control-Allow-Origin header to include Nextdoor's domain.
  3. Exchange the {authorization_code} for an access token as described in Get access token.
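
The following Python sketch is an added example, not Nextdoor's own code: it builds the authorize URL from step 1 with correct URL encoding and extracts the code from the step 2 redirect, rejecting callbacks that do not arrive on the registered redirect_uri or that carry a missing or duplicated code. The function names, client id and callback URL are hypothetical.

```python
from urllib.parse import parse_qs, quote, urlencode, urlsplit

AUTHORIZE_ENDPOINT = "https://www.nextdoor.com/v3/authorize/"  # from the page

# Scope names exactly as listed on the page.
KNOWN_SCOPES = {
    "openid", "publish_api", "post:write", "post:read", "comment:write",
    "profile:read", "agency.boundary:read", "profile",
}


def build_authorize_url(client_id, redirect_uri, scopes):
    """Return the URL the user is redirected to in step 1."""
    scopes = list(scopes)
    unknown = [s for s in scopes if s not in KNOWN_SCOPES]
    if unknown:
        raise ValueError(f"unknown scope(s): {unknown}")
    if "openid" not in scopes:  # the page says to always include openid
        scopes.insert(0, "openid")
    # quote_via=quote encodes spaces as %20 (not '+'); safe=":" keeps the
    # colons in scope names readable, matching the URL shown on the page.
    query = urlencode(
        {"scope": " ".join(scopes), "client_id": client_id,
         "redirect_uri": redirect_uri},
        safe=":", quote_via=quote,
    )
    return f"{AUTHORIZE_ENDPOINT}?{query}"


def extract_authorization_code(callback_url, redirect_uri):
    """Return the code from the step 2 redirect, or raise ValueError."""
    got, want = urlsplit(callback_url), urlsplit(redirect_uri)
    # Only accept the callback on the exact scheme, host and path registered.
    if (got.scheme, got.netloc, got.path) != (want.scheme, want.netloc, want.path):
        raise ValueError("callback does not match the registered redirect_uri")
    codes = parse_qs(got.query).get("code", [])
    # A missing, empty or repeated code parameter is treated as an error.
    if len(codes) != 1:
        raise ValueError("expected exactly one non-empty code parameter")
    return codes[0]


if __name__ == "__main__":
    cb = "https://app.example/nextdoor/callback"  # constructed sample value
    print(build_authorize_url("abc123", cb, ["post:write", "post:read"]))
    print(extract_authorization_code(cb + "?code=SAMPLECODE", cb))
```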

You must also periodically refresh the access tokens.