# Authorization

The Onehub API uses [OAuth 2.0 Draft 10](http://tools.ietf.org/html/draft-ietf-oauth-v2-10) for both authorization and authentication. Authorize your account when using the API by including your client ID and secret along with your preferred OAuth 2 authorization method.

We recommend using an [existing OAuth 2 library](http://oauth.net/2) in your language of choice.

{% hint style="warning" %}
All API requests must be made over [HTTPS](http://en.wikipedia.org/wiki/HTTP_Secure). Requests made over plain HTTP will results in an [error](https://developer.onehub.com/api/errors). Requests made without authorization will also result in an [error](https://developer.onehub.com/api/errors).
{% endhint %}

### Supported OAuth 2.0 Grant Types

#### Authorization

Primarily used in the context of integrating your app with Onehub and allowing users to grant it access to their data via a web-based authorization flow. More information on this grant type can be [found here](https://oauth.net/2/grant-types/authorization-code/).

#### Password

Used for directly authenticating as a user. Use this grant type if you want to access your own Onehub data via the API. More information on this grant type can be [found here](https://oauth.net/2/grant-types/password/).

## Authorization Endpoint

```
https://ws-api.onehub.com/oauth/authorize
```

## Password Grant Examples

* [Ruby](https://github.com/onehub/api-examples/blob/master/ruby/password_grant_REPL.rb)
* [Java](https://github.com/onehub/api-examples/tree/master/java/oauth2)