User API - Configuring OAuth

The Sharesight User API uses the OAuth 2.0 protocol. To authenticate with OAuth 2.0, we strongly recommend that you use an OAuth library in your favourite programming language.

The following OAuth 2.0 authentication endpoints are available:

HTTP verb   Endpoint
GET         /oauth2/authorize/:code
GET         /oauth2/authorize
POST        /oauth2/authorize
PATCH       /oauth2/authorize
PUT         /oauth2/authorize
DELETE      /oauth2/authorize
POST        /oauth2/token
POST        /oauth2/revoke
GET         /oauth2/token/info

Obtaining your OAuth 2.0 API credentials

Contact Sharesight to request an API account. Once enabled, your OAuth 2.0 Client ID, Client Secret and your Redirect URI will be available under Account Settings > Sharesight Connect.

Obtaining an Access token

We recommend reading the following article by Aaron Parecki, which offers a simple explanation and advice for implementing the OAuth 2.0 protocol. Although we recommend using an OAuth library, we've also provided an OAuth example using cURL which details the mechanics of the OAuth 2.0 authentication flow.

Be aware that Sharesight access tokens are valid for 30 minutes and need to be refreshed frequently.

Generally we recommend that you use the authorization_code grant type. If you wish to obtain access tokens for your end users you must use this grant type. Please note that single sign on (SSO) requires an access token for the user.

If you only wish to connect to your own Sharesight account, you can use the password grant type or the client credentials grant type. The password grant type allows you to retrieve an access token by simply making a POST request with your Client ID, Username and Password. The client credentials grant type is similar but requires making a POST request with your Client ID and Secret. The client credentials grant type also requires that your user account is linked to your API Consumer Application. Please note however that the authorization_code grant type is required if you wish to implement single sign on (SSO) for your end users (even if their portfolios are maintained under your own account).
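The authorization_code flow and the 30-minute token lifetime described above, sketched as an added example (not Sharesight's own code): it builds the /oauth2/authorize redirect with an unguessable state value, rejects callbacks whose state does not match, and tracks when a refresh is due. The host name, the client values, and the RFC 6749 parameter and response field names (state, expires_in, refresh_token) are assumptions, not taken from this page.

```python
import hmac
import secrets
import time
from urllib.parse import parse_qs, urlencode, urlparse

BASE_URL = "https://api.example.invalid"  # placeholder host (assumption)
ACCESS_TOKEN_TTL = 30 * 60                # the page: tokens are valid for 30 minutes


def build_authorize_url(client_id, redirect_uri):
    """Return (url, state) for the GET /oauth2/authorize redirect."""
    state = secrets.token_urlsafe(32)     # unguessable, stored in the user's session
    query = urlencode({"response_type": "code", "client_id": client_id,
                       "redirect_uri": redirect_uri, "state": state})
    return f"{BASE_URL}/oauth2/authorize?{query}", state


def code_from_callback(callback_url, expected_state):
    """Return the authorization code, rejecting callbacks with a foreign state."""
    params = parse_qs(urlparse(callback_url).query)
    state = params.get("state", [""])[0]
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: callback was not started by this session")
    if "code" not in params:
        raise ValueError("authorization failed: " + params.get("error", ["no code"])[0])
    return params["code"][0]


class TokenStore:
    """Holds one user's tokens and says when a refresh is due."""
    def __init__(self, skew=60):
        self.skew = skew                  # refresh this many seconds before expiry
        self.access_token = self.refresh_token = None
        self.expires_at = 0.0

    def update(self, token_response, now=None):
        now = time.time() if now is None else now
        self.access_token = token_response["access_token"]
        # Keep the previous refresh token when the response does not rotate it.
        self.refresh_token = token_response.get("refresh_token", self.refresh_token)
        self.expires_at = now + token_response.get("expires_in", ACCESS_TOKEN_TTL)

    def needs_refresh(self, now=None):
        now = time.time() if now is None else now
        return self.access_token is None or now >= self.expires_at - self.skew

    def refresh_body(self, client_id, client_secret):
        """Form body for POST /oauth2/token with grant_type=refresh_token."""
        return {"grant_type": "refresh_token", "refresh_token": self.refresh_token,
                "client_id": client_id, "client_secret": client_secret}
```

Keep the Client Secret and refresh token server-side only; the state value belongs in the user's session so a callback can be matched to the browser that started it.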
If you have any questions or concerns, please contact support@sharesight.com.