Universe Public API

The Universe Developer Hub

Welcome to the Universe developer hub. You'll find comprehensive guides and documentation to help you start working with Universe as quickly as possible, as well as support if you get stuck. Let's jump right in!

Get Started    

Client Credentials Flow

OAuth Application Required

In order to authorize with OAuth, you are required to create a Universe application. During the initial launch of our API, you must do so by requesting one from developers@universe.com.

All authorized requests in our API require you to implement this strategy or the auth code grant flow. This flow, the client credentials flow, will only allow you to retrieve Universe user data for the owner of your OAuth application. If you are developing an integration for Universe users as a whole, please use the auth code grant flow.

Before proceeding with this guide, please make sure that you have created a Universe OAuth Application. Additionally, please familiarize yourself with OAuth 2.0 concepts generally: http://oauthbible.com

Step 1. Exchange the Your Client Credentials for an Access Token

All registered Universe OAuth applications belong to individual Universe users (referred to as "owner"). In just one step, you can exchange an application's client_id and client_secret for an access_token, and with that access_token retrieve data as the application's owner.

curl --request POST \
  --url 'https://www.universe.com/oauth/token' \
  --header 'content-type: application/json' \
  --data '{"grant_type":"client_credentials","client_id": "CLIENT_ID","client_secret": "CLIENT_SECRET","code": "AUTHORIZATION_CODE"}'

Where:

  • grant_type: This must be client_credentials.
  • client_id: Your application's Client ID.
  • client_secret: Your application's Client Secret.

The response contains the access_token, refresh_token, expires_in, token_type, scope, and created_at values, for example:

{
  "access_token": "eyJz93a...k4laUWw",
  "refresh_token": "GEbRxBN...edjnXbL",
  "token_type": "Bearer",
  "expires_in": 2592000,
  "scope": "public",
  "created_at": 1494964915
}

Step 2. Using the Access Token

Once the access_token has been obtained it can be used to make calls to the API by passing it as a Bearer Token in the Authorization header of the HTTP request:

curl --request GET \
  --url https://api.universe.com/some_endpoint \
  --header 'authorization: Bearer ACCESS_TOKEN'

Client Credentials Flow