Authorization

To use the Lucidchart API, a client must have permission from the user to access their data. This permission is granted with an OAuth access token, following the OAuth 1.0 specification. Details of the OAuth authorization process and libraries for most languages can be found at http://oauth.net/. To obtain the access token, take the following steps:

  1. Request an OAuth consumer key and secret from this page.

  2. Obtain a request token. Using the consumer key and secret, a request token can be obtained following the OAuth protocol (see Obtaining an Unauthorized Request Token). The callback should be provided as part of making the call for a request token (Lucidchart does not currently support the oob flow). The Lucidchart endpoint for obtaining a request token is:
     https://www.lucidchart.com/oauth/requestToken

  3. Obtain authorization. Authorization is obtained by redirecting the user to the Lucidchart authorization page with the appropriate OAuth query parameters (see Obtaining User Authorization). The Lucidchart authorization page is:
     https://www.lucidchart.com/oauth/authorize

  4. Obtain the access token. If the user authorizes the third party, they will be redirected back to the third-party callback URL (the one provided when the request token was requested) with a verifier, as described in the OAuth specification. Using the verifier and request token, the third party can request an access token (see Obtaining an Access Token). The Lucidchart endpoint for obtaining an access token is:
     https://www.lucidchart.com/oauth/accessToken

With the access token, a third party can sign requests to the Lucidchart API and get access to the user's data (see Signing Requests). Note that the access token can be revoked by the user at any time, whenever the user decides they no longer want the third party to have access to their Lucidchart data.
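
The signed request-token call from step 2, as an added example that is not Lucidchart's own code: it builds the OAuth 1.0 signature base string and Authorization header with the callback included in the signed parameters, so a callback altered in transit no longer matches the signature. Assumptions not stated on this page: the HMAC-SHA1 signature method, the POST method, header transport, and the placeholder key, secret and callback URL. The same sign() routine applies to later steps once a token secret exists.

```python
import base64, hashlib, hmac, secrets, time
from urllib.parse import quote

REQUEST_TOKEN_URL = "https://www.lucidchart.com/oauth/requestToken"  # endpoint from step 2

def pct(value):
    """Percent-encode everything outside the RFC 3986 unreserved set."""
    return quote(str(value), safe="-._~")

def request_token_params(consumer_key, callback, nonce=None, timestamp=None):
    """Protocol parameters for the request-token call, callback included."""
    return {
        "oauth_consumer_key": consumer_key,
        "oauth_callback": callback,
        "oauth_signature_method": "HMAC-SHA1",  # assumption: not stated on the page
        "oauth_nonce": nonce or secrets.token_hex(16),  # unique per request
        "oauth_timestamp": str(int(time.time()) if timestamp is None else timestamp),
        "oauth_version": "1.0",
    }

def base_string(method, url, params):
    """METHOD & encoded URL & encoded, sorted parameter string."""
    pairs = sorted((pct(k), pct(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), pct(url), pct(normalized)])

def sign(method, url, params, consumer_secret, token_secret=""):
    """HMAC-SHA1 over the base string; token_secret is empty until a token exists."""
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    digest = hmac.new(key, base_string(method, url, params).encode(), hashlib.sha1).digest()
    return base64.b64encode(digest).decode()

def authorization_header(params, consumer_secret, token_secret=""):
    """Build the Authorization header (POST assumed) without mutating params."""
    signature = sign("POST", REQUEST_TOKEN_URL, params, consumer_secret, token_secret)
    signed = dict(params, oauth_signature=signature)
    return "OAuth " + ", ".join(f'{pct(k)}="{pct(v)}"' for k, v in sorted(signed.items()))

if __name__ == "__main__":
    # Constructed placeholder credentials and callback, not real values.
    p = request_token_params("demo-key", "https://client.example/cb")
    print(authorization_header(p, "demo-secret"))
```

Keep the consumer secret server-side only; anyone holding it can produce valid signatures for the consumer key.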