Authentication

Authentication is the first step in the deep integration flow. Once users authorize your platform with Trade It, your server can request session URLs for connect and trade modals.

How OAuth Works (High Level)

  1. User clicks a "Connect Trade It" action in your app.
  2. User authenticates with Trade It and grants permission.
  3. Trade It redirects to your callback URL.
  4. Your server exchanges the authorization code for tokens.
  5. Your server stores Trade It access/refresh tokens for that user.

Once tokens are stored, you can launch embedded connect and trade flows.

OAuth flow diagram between your client app, your server, and Trade It

What You Need to Implement

  • A client-side "Connect Trade It" entry point.
  • A callback route on your platform.
  • A server-side code exchange using your client_id and client_secret.
  • Secure per-user storage for Trade It access and refresh tokens.

Notes

  • Keep client_secret on your server only.
  • Never exchange OAuth codes from client-side code.
  • Session URL calls should always be server-side and use the user's Trade It token.
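
The callback route and server-side code exchange listed above, as an added sketch rather than Trade It's own code. It assumes the standard OAuth 2.0 `state` parameter and RFC 6749 form fields; `TOKEN_URL` is a placeholder, and `begin_connect`, `handle_callback`, `post` and `token_store` are hypothetical names.

```python
import hmac
import secrets
import urllib.parse

# Placeholder URL: take the real token endpoint from Trade It's API reference.
TOKEN_URL = "https://tradeit.example/oauth/token"


class OAuthError(Exception):
    pass


def begin_connect(session):
    """Mint a one-time state value tied to this user's server-side session."""
    session["oauth_state"] = secrets.token_urlsafe(32)
    return session["oauth_state"]


def handle_callback(query, session, user_id, creds, post, token_store):
    """Validate the redirect, exchange the code server-side, store the tokens."""
    params = urllib.parse.parse_qs(query)
    expected = session.pop("oauth_state", None)  # single use, even on failure
    received = params.get("state", [""])[0]
    if not expected or not hmac.compare_digest(expected.encode(), received.encode()):
        raise OAuthError("state mismatch: callback not started by this session")
    if "error" in params:
        raise OAuthError("authorization denied: " + params["error"][0])
    code = params.get("code", [""])[0]
    if not code:
        raise OAuthError("callback carried no authorization code")
    # Standard RFC 6749 form fields (assumed); client_secret never leaves the server.
    form = {
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": creds["redirect_uri"],
        "client_id": creds["client_id"],
        "client_secret": creds["client_secret"],
    }
    tokens = post(TOKEN_URL, form)  # injected HTTPS POST returning parsed JSON
    if not tokens.get("access_token"):
        raise OAuthError("token exchange failed")
    # token_store stands in for encrypted per-user storage keyed by your user id.
    token_store[user_id] = {
        "access_token": tokens["access_token"],
        "refresh_token": tokens.get("refresh_token"),
    }
    return token_store[user_id]
```

Take `user_id` from your own authenticated session, never from the callback query string, so tokens cannot be attached to another user's account.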