How the Judge.me OAuth flow works on the user's side

Judge.me uses OAuth to grant App Developer access to Judge.me’s API. Essentially, OAuth is a mechanism that enables Shops to approve certain Apps to access the Shop's data on Judge.me platform via Judge.me API. In this guide, we'll show you a generic example of how the OAuth process works on the Shop’s side. 

*Note: For App Developers, check this article to learn how to set up the OAuth flow in Judge.me.

Shop A is using Judge.me and has data stored in Judge.me.

Shop A wants to use a feature in App B that requires access to Shop A’s data in Judge.me (e.g. to display Judge.me’s review information on App B’s widgets).

To do this, Shop A has to grant App B permission to access Shop A’s data in Judge.me.

Here is how the OAuth authorization process works on Shop A’s side:

• App B displays a section on their website, with a button prompting Shop A to authorize App B to have access to Shop A’s data in Judge.me.
• Shop A clicks the button on App B’s website to start the authorization process.
• Shop A is redirected to the authorization page URL in Judge.me. Here is the format of an authorization URL.

https://judge.me/oauth/authorize?client_id=[appB_client_id]&redirect_uri=[appB_redirect_uri]&response_type=code&scope=[list_of_permissions]&state=[state]

• If Shop A is not logged in, they are redirected to the login page.
• After Shop A is logged in, Judge.me opens a grant screen, asking Shop A to authorize App B to access Shop A’s data in Judge.me.
• Shop A reviews the permissions App B is asking for:
  • If Shop A clicks the “Authorize” button, they allow App B to access their data in Judge.me.
  • If Shop A clicks the “Cancel” button, they don’t allow App B to access their data in Judge.me.

• If Shop A clicks “Authorize", Judge.me receives the requests and grants App B permissions to access Shop A’s review information.
• Shop A is redirected back to App B to use the features.