
Authentication for a web application

Authentication for a web application is done as follows:

  1. Redirect the customer to the, with the following parameters in the query string:
  • client_id – Your application's client_id
  • response_type – The text code should always be passed in this parameter
  • scope – The text code should always be passed in this parameter
  • redirect_uri – The redirect URI of your application
  • kc_locale – The interface language. Pass ka for the Georgian language. If this parameter is not passed, the interface appears in English.

For example, if the client id of your application is codeclient and the redirect URI is, the address will have the following format (after URL encoding):

  2. The customer approves the application request.
  3. The customer is redirected to the redirect_uri address, with the following parameters in the query string:
  • code – A temporary code
  4. Authenticate using HTTP Basic Auth. The service returns a Bearer Token, which is used as the authentication parameter when calling the following methods.


Authentication using HTTP Basic Auth. Use your application's client_id as the user and your application's client_secret as the password.


The text client_credentials should always be passed in this parameter.

A temporary code.

Your application's redirect_uri.


A token returned by the authorization server.

The token type (the text value bearer is returned).

Not used.

The number of seconds the token remains active.

The maximum time before a refresh token is expired and invalidated. It allows for the specification of a shorter timeout of refresh token than the session timeout.

If an access token or refresh token is compromised, access the Admin Console and push a not-before revocation policy to all applications. Pushing a not-before policy ensures that any tokens issued before that time become invalid.

A standard OAuth 2.0 authorization mechanism. The context in which the token is valid.
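
The four steps above, as an added Python example (not code from this documentation or its provider). The endpoint URLs are placeholders because the page does not show them, and the token request and response field names (grant_type, code, redirect_uri, access_token, token_type, expires_in) are assumed from standard OAuth 2.0, since the page gives only their descriptions.

```python
import base64
import json
import time
from urllib.parse import urlencode, urlsplit, parse_qs

# Placeholders (assumptions): the real endpoint URLs are not shown on the page.
AUTHORIZE_URL = "https://auth.example.invalid/authorize"
TOKEN_URL = "https://auth.example.invalid/token"

def build_authorization_url(client_id, redirect_uri, locale=None):
    """Step 1: the URL the customer is redirected to."""
    params = {"client_id": client_id, "response_type": "code",
              "scope": "code", "redirect_uri": redirect_uri}
    if locale:  # e.g. "ka"; when omitted the interface appears in English
        params["kc_locale"] = locale
    return AUTHORIZE_URL + "?" + urlencode(params)

def extract_code(callback_url, redirect_uri):
    """Step 3: read the temporary code from the redirect back to the application."""
    got, want = urlsplit(callback_url), urlsplit(redirect_uri)
    if (got.scheme, got.netloc, got.path) != (want.scheme, want.netloc, want.path):
        raise ValueError("callback does not match the registered redirect_uri")
    codes = parse_qs(got.query).get("code", [])
    if len(codes) != 1:  # a missing or repeated code is rejected
        raise ValueError("expected exactly one code parameter")
    return codes[0]

def build_token_request(client_id, client_secret, code, redirect_uri):
    """Step 4: URL, headers and form body for the token call (HTTP Basic Auth)."""
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    headers = {"Authorization": "Basic " + basic,
               "Content-Type": "application/x-www-form-urlencoded"}
    # Field names are assumed (RFC 6749); the grant_type value is the page's.
    body = urlencode({"grant_type": "client_credentials", "code": code,
                      "redirect_uri": redirect_uri})
    return TOKEN_URL, headers, body

def parse_token_response(raw_json, now=None):
    """Check the token type and compute when the access token stops being active."""
    data = json.loads(raw_json)
    if data.get("token_type", "").lower() != "bearer":
        raise ValueError("unexpected token_type")
    now = time.time() if now is None else now
    # Field names access_token / expires_in are assumed (RFC 6749).
    return {"authorization": "Bearer " + data["access_token"],
            "expires_at": now + int(data["expires_in"])}
```

Send the returned headers and body as a POST over TLS with any HTTP client, and keep client_secret on the server side only.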