The Nextdoor APIs use the OAuth 2.0 protocol to authorize API requests.

Authorization for Share API is user-based and involves

Authorization Code

The first part is getting an authorization code for your user:

Redirect your user to https://www.nextdoor.com/v3/authorize/?scope=openid%20post:write%20post:read%20comment:write&client_id={client_id}&redirect_uri={your_callback_url}
1. redirect_uri should be the same one(s) you submitted in the form
2. The list of scopes are
  - openid: Always include this
  - publish_api: Include this super scope if you are interested in all the following features.
  - post:write: Include this scope if you are interested in creating, deleting, or editing posts
  - post:read: Include this scope if you are interested in reading post data
  - comment:write: Include this scope if you are interested in creating, deleting, or editing comments
  - profile:read:Include this scope if you are interested in getting information on the authenticated user (unique user identifier, name, profile picture, etc...)
  - agency.boundary:read: Include this scope if you are interested in creating geo-targetted agency posts.
  - profile: Include this scope if you only want to use /me and /me/profiles endpoint for user verification purpose.
After a user accepts or allows access, our server will redirect the user back to {redirect_uri}?code={authorization_code}
1. Your server should handle {redirect_uri} and look for the authorization code in the query parameter
2. You should config the Access-Control-Allow-Origin header to include Nextdoor's domain.
Use the {authorization_code} to exchange for an access token in Get access token.

You must also periodically refresh the access tokens.