View the Project on GitHub COG-UK/docs

Updated 2020-09-07 by @samstudio8

Authorising applications to use your Majora account with OAuth

At the start of September, we began the process of phasing out the use of the rotating API keys with an easier to use, well known, industry standard protocol for authorisation, called OAuth. Specifically, we use OAuth v2.0. This will change how you use external services that use your Majora account, such as the metadata uploader. It is important for you to remember that you are responsible for anything an authorised application does with your account, so you must take care when asked whether to authorise your Majora account. We provide some advice below.

What’s changed?

Instead of visiting the API key page on your profile, rotating your token and using this token to access external services. You can now visit the external service directly and “Sign in with Majora”. You will no longer need to be responsible for rotating your API token.

How will it work?

We focus on the authorisation flow for an external web application (such as the metadata uploader), but you are able to register your own application to interact with the API too. The flow is as so:


An example authorisation page looks like this:



Published 2020-09-07. Updated 2020-09-07. Page maintainer @samstudio8.