Sign in with Galxe - Demo

Please see the Demo and its source code.

Visual Guidelines

Make sure you use this resource and follow our brand guidelines to implement Sign in with Galxe.

Getting Started

To get started, please apply for a client ID by contacting our live chat support from your dashboard management page.

OAuth

Galxe’s OAuth implementation supports the standard authorization code grant type for apps that don’t have access to a web browser.

Authorization flow

The request flow to authorize users for your app is:

  1. Users are redirected to request their Galxe identity.
  2. Users are redirected back to your site by Galxe.
  3. Your app accesses the API with the user’s access token.

1. Request a user’s Galxe identity

URL

GET https://app.galxe.com/oauth


REDIRECT
https://app.galxe.com/oauth?client_id=${CLIENT-ID}&scope=${SCOPE}&redirect_uri=${REDIRCT-URI}&state=${STATE}

scope whitelist:

  • Email
  • Twitter
  • Discord
  • Github
  • Telegram
  • EVMAddress
  • SolanaAddress
  • SeiAddress
  • AptosAddress
  • InjectiveAddress
  • FlowAddress
  • GalxeID

Parameters

NameTypeDescription
client_idstringRequired. The client ID you received from Galxe when you registered.
scopestringRequired. A space-delimited list of scopes. If not provided, scope defaults to an empty list for users that have not authorized any scopes for the application.
redirect_uristringRequired. The URL in your application where users will be sent after authorization, also known as callback url.
statestringRequired. An unguessable random string. It is used to protect against cross-site request forgery attacks.
code_challengestringPKCE (Proof Key for Code Exchange) is an extension to the Authorization Code flow to prevent CSRF and authorization code injection attacks. PKCE is not a replacement for a client secret, and PKCE is recommended even if a client is using a client secret.
code_challenge_methodstringEncoding method, plain or S256 (sha256), S256 is recommended.

Response

By default, the response will add the following parameter to your redirect_uri:

code=${CODE}&state=${STATE}

2. Get Access Token

If the user accepts your request, Galxe redirects back to your site with a temporary code in a code parameter as well as the state you provided in the previous step in a state parameter. The temporary code will expire after 10 minutes. If the states don’t match, then a third party created the request, and you should abort the process.

Exchange this code for an access token.

URL

Content-Type:application/x-www-form-urlencoded
POST https://api.galxe.com/oauth/auth/2/token


curl -d 'client_id=${CLIENT-ID}&client_secret=${CLIENT-SECRET}&code=${CODE}&grant_type=authorization_code' -H "Content-Type:application/x-www-form-urlencoded" -X POST https://api.galxe.com/oauth/auth/2/token

Parameters

NameTypeDescription
client_idstringRequired. The client ID you received from Galxe for your OAuth App.
client_secretstringRequired. The client secret you received from Galxe for your OAuth App.
codestringRequired. The code you received as a response to OAuth Authorize Step.
code_verifierstringPlain string of code_challenge, only used when requiring code_challenge.

Response

By default, the response takes the following form:

{
  "access_token": "OTJLYTIWNMQTYJY1ZC0ZOGQ2LTGYMDITNWQXZWJKNTA4YZAA",
  "expires_in": 86400,
  "refresh_token": "NGM5OWUXNDKTNTEZOC01NZBMLWEXMGUTMDUYZGJMNZI3YME0",
  "scope": "Twitter",
  "token_type": "Bearer"
}

3. Refresh Access Token

URL

Content-Type:application/x-www-form-urlencoded
POST https://api.galxe.com/oauth/auth/2/token


curl -d 'grant_type=refresh_token&refresh_token=${REFRESH-TOKEN}&client_id=${CLIENT-ID}&client_secret=${CLIENT-SECRET}' -H "Content-Type:application/x-www-form-urlencoded" -X POST https://api.galxe.com/oauth/auth/2/token

Parameters

NameTypeDescription
refresh_tokenstringRequired. The token generated when the Galxe App owner enables expiring tokens and issues a new user access token.
grant_typestringRequired. Value must be refresh_token (required by the OAuth specification).
client_idstringRequired. The client ID for Galxe App.
client_secretstringRequired. The client secret for Galxe App.

Response

{
  "access_token": "NTLMMJKYMMQTZJZJYI0ZZGFLLWE5NZMTMZAZMDY3YWMWNMI4",
  "expires_in": 86400,
  "refresh_token": "NGQXZGVJZDCTNTQ4YY01NTEZLTHMNTMTYJZHMWZIYJUZMJE3",
  "scope": "Twitter Discord",
  "token_type": "Bearer"
}

4. Get Access Token Detail

URL

Authorization: Bearer ${ACCESS-TOKEN}
GET https://api.galxe.com/oauth/api/2/token


curl -H "Authorization: Bearer ${ACCESS-TOKEN}" https://api.galxe.com/oauth/api/2/token

Parameters

NameTypeDescription
access_tokenstringRequired. Append it to header.

Response

{
  "client_id": "client_id",
  "expires_at": "2022-08-31 16:00:22.666401 +0800 CST",
  "scope": "twitter discord"
}

5. Use the access token to access the API

URL

Authorization: Bearer ${ACCESS-TOKEN}
GET https://api.galxe.com/oauth/api/2/user


curl -H "Authorization: Bearer ${ACCESS-TOKEN}" https://api.galxe.com/oauth/api/2/user?scope=Twitter%20Discord

Parameters

NameTypeDescription
access_tokenstringRequired. Append it to request header.
scopestringA space-delimited list of scopes of user data that your APP required. If not set, will set to access token related scope by default.

Response

{
  "TwitterUsername": "twitter_username",
  "TwitterUserID": "twitter_userid",
  "DiscordUsername": "discord_username"
  "DiscordUserID": "discord_userid"
}
Galxe PassportGalxe Passport Oauth