The Nextdoor APIs use the OAuth 2.0 protocol to authorize API requests.
Authorization for the Share API is user-based and involves:
- Applying for access and getting your client ID and secret
  - Please apply here
- Generating an authorization code for your user
- Exchanging the authorization code for a bearer token
- Including your access token in the header of your API requests
Authorization Code
The first part is getting an authorization code for your user:
- Redirect your user to
  https://www.nextdoor.com/v3/authorize/?scope=openid%20post:write%20post:read%20comment:write&client_id={client_id}&redirect_uri={your_callback_url}
  - redirect_uri should be the same one(s) you submitted in the form
  - The available scopes are:
    - openid: Always include this
    - publish_api: Include this super scope if you are interested in all the following features.
    - post:write: Include this scope if you are interested in creating, deleting, or editing posts
    - post:read: Include this scope if you are interested in reading post data
    - comment:write: Include this scope if you are interested in creating, deleting, or editing comments
    - profile:read: Include this scope if you are interested in getting information on the authenticated user (unique user identifier, name, profile picture, etc.)
    - agency.boundary:read: Include this scope if you are interested in creating geo-targeted agency posts.
    - profile: Include this scope if you only want to use the /me and /me/profiles endpoints for user verification purposes.
- After a user accepts or allows access, our server will redirect the user back to
  {redirect_uri}?code={authorization_code}
  - Your server should handle {redirect_uri} and look for the authorization code in the query parameter
  - You should configure the Access-Control-Allow-Origin header to include Nextdoor's domain.
- Use the {authorization_code} to exchange for an access token in Get access token.
You must also periodically refresh the access tokens.
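The first two steps above, as an added Python example (not Nextdoor's code): it builds the authorize URL with only the scopes you ask for, and reads the code from a callback request only when that request matches your registered redirect URI. The function names, the https check and the sample client id and callback URL are assumptions made for illustration.

```python
from urllib.parse import parse_qs, quote, urlencode, urlsplit

AUTHORIZE_ENDPOINT = "https://www.nextdoor.com/v3/authorize/"
# Scope names as listed on this page.
KNOWN_SCOPES = {
    "openid", "publish_api", "post:write", "post:read", "comment:write",
    "profile:read", "agency.boundary:read", "profile",
}


def build_authorize_url(client_id, redirect_uri, scopes):
    """Return the URL to redirect the user to, requesting only `scopes`."""
    requested = list(dict.fromkeys(["openid", *scopes]))  # openid is always included
    unknown = [s for s in requested if s not in KNOWN_SCOPES]
    if unknown:
        raise ValueError(f"unknown scope(s): {unknown}")
    # Added hardening check (an assumption, not a documented requirement):
    # the authorization code arrives in the query string, so insist on TLS.
    if urlsplit(redirect_uri).scheme != "https":
        raise ValueError("redirect_uri must use https")
    query = urlencode(
        {"scope": " ".join(requested), "client_id": client_id,
         "redirect_uri": redirect_uri},
        quote_via=quote,  # spaces become %20, as in the URL shown above
    )
    return f"{AUTHORIZE_ENDPOINT}?{query}"


def extract_authorization_code(callback_url, registered_redirect_uri):
    """Return the `code` query parameter from a request to the redirect URI."""
    got, want = urlsplit(callback_url), urlsplit(registered_redirect_uri)
    if (got.scheme, got.netloc, got.path) != (want.scheme, want.netloc, want.path):
        raise ValueError("callback does not match the registered redirect_uri")
    # parse_qs drops empty values, so "?code=" counts as missing.
    codes = parse_qs(got.query).get("code", [])
    if len(codes) != 1:
        raise ValueError("expected exactly one code parameter")
    return codes[0]


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    redirect = "https://app.example.test/nextdoor/callback"
    print(build_authorize_url("abc123", redirect, ["post:read"]))
    print(extract_authorization_code(redirect + "?code=SAMPLE_CODE", redirect))
```

Requesting the narrowest scope set your integration needs (for example `post:read` alone rather than `publish_api`) limits what a leaked token can do.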