The Nook API supports types of authentication, API keys and OAuth 2. For most use cases, API keys are the preferred authentication method. The OAuth flow is intended for third-party integration, i.e. allowing users to connect their Nook account to your platform.
API keys are the easiest way to access the Nook API. To obtain an API key, sign into the developer portal and scroll down to the Authentication section. Here, you can create API keys for both the production and sandbox environments.
Nook supports an OAuth 2 flow to obtain access tokens for Nook users. The OAuth 2 flow is intended for platform integrations where you ask users on your platform to connect their Nook account.
To use the OAuth flow, sign into the developer portal and scroll down to the Authentication section. Here, you can create OAuth applications for both the production and sandbox environments. A client ID and secret will be generated that you can be used to authenticate with the OAuth flow. For private clients, where the source code is not publicly exposed and secrets can be stored securely, we recommend using the authorisation code flow. For public clients, we recommend using the authorisation code flow with PKCE.
Nook's OAuth 2 authentication method is OpenID Connect (OIDC)-compliant. The endpoints to use in the OAuth flow can be found in the OIDC discovery endpoint.
Both API keys and OAuth tokens can be passed as the bearer token in the authorization header, as shown in the examples below.
bearerToken=<API key or OAuth token>
curl -H "Authorization: Bearer $bearerToken" -H 'Content-Type: application/json' https://api.nook.io/v1/companies/current
const bearerToken = '<API key or OAuth token>';
const request = fetch('https://api.nook.io/api/v1/companies/current', {
headers: {
'Authorization': `Bearer ${bearerToken}`,
'Content-Type': 'application/json',
},
});
request
.then(response => response.json())
.then(console.log)
.catch(response => console.log('An error occurred:', response));
The demo project demonstrates the use of the OAuth flow and its use to access the Nook API.