Step 1

The munzee player needs to allow your app to access the munzee platform on his behalf. Guide the munzee player to
Replace yourclientid with the client ID listed in the developer dashboard. The scope parameter excepts a space-separated list of scopes that are allowed for your app and that should be applied to the token (in most cases this is just read like in the example). Also the redirect_uri has to be the same as what you set up at the developer dashboard. If your app needs any state information passed through the process, you can use the state parameter for this. Otherwise it can be omitted.

Step 2

The user will be presented with a webpage to allow your app to access their munzee information. The player may have to login to their munzee account to see the approval page.

Step 3

If the user clicks "Allow Access", they will be redirect to the URI that was set up with your application. The request will look something like this, assuming that the URI you provided was
State will be empty if you did not use it in step 1.

Step 4

You will now have to use the code parameter from step 3 along with your client ID and secret to request the bearer token for the user.
curl -X POST --data "client_id=yourclientid&client_secret=yourclientsecret&grant_type=authorization_code&code=JkEQQmjgbPavmqtJtbYEyAD7lYAMYLKBEZhlfeTn&redirect_uri="

Step 5

You will get a response similar to
      "access_token": "youraccesstoken",
      "token_type": "Bearer",
      "expires": 1429131777,
      "expires_in": 604800,
      "refresh_token": "yourrefreshtoken"
    "user_id": 12345
  "status_code": 200,
  "status_text": "OK"
The access_token returned is the bearer token.

Step 6

If the access token has expired (check the received “expires” timestamp), the application has to request a new access token. You can accomplish this by going back to step 1, or using the refresh token from step 5. The refresh token is valid for 3 months.
curl -X POST --data "client_id=yourclientid&client_secret=yourclientsecret&grant_type=refresh_token&refresh_token=yourrefreshtoken"

Step 7

You are ready to start making successful API calls using the Bearer token! Start looking at our docs.

* Using cURL for the authentication process as we did in the examples above is not a requirement. You can use any language or framework that is able to fire HTTP requests.