Strike OAuth Connect
Overview
Strike OAuth Connect allows you to use the power of Strike’s functionality in your application. This means allowing users to log in to their Strike account and make cash and bitcoin transactions within your app.
Strike OAuth Connect leverages OAuth 2.0 and OpenID Connect, both industry-standard protocols, to facilitate authentication, authorization, and access control workflows on Strike accounts. Follow the instructions below to register a client and implement Strike OAuth Connect in your app.
Prerequisites
Before you get started, you should have a general understanding of OAuth and OpenID Connect (OIDC). Strike acts as an OIDC provider that allows third-party applications to authenticate Strike users inside their applications. Once that Strike user has been authenticated via OAuth, your application can use the Strike API to make API calls on that user’s behalf, such as sending and receiving transactions.
Register a client
To begin, ensure you have a Strike account registered for your client. If you don’t yet have a Strike business account, please reach out to partners@strike.me to begin the setup. Due to the sensitivity and power of the Strike API and Strike OAuth Connect, you must first go through an approval process to get your client approved.
During the approval process, you’ll need to provide the business use case for your client, as well as which API scopes you expect to need. The full list of Strike API endpoints and their required scopes can be found at Strike’s API Reference. For a speedy approval process, please ensure the business use case for your client is clear and that you request only the minimum necessary API scopes. After approval, if you need expanded resources or functionality, please contact api@strike.me.
To complete the registration process, you’ll need to submit a client secret and login/logout redirect URLs. The client secret is a security measure to ensure that only the registered client can access user data. The redirect URLs tell Strike where to send the user after successful authentication.
Implement OAuth in your client app
To begin implementation, you’ll need to set up an OAuth 2.0 flow within your client app. There are many guides and tutorials available for how to do this, and it’s best to find one that suits your specific needs. The Strike OAuth Connect example app uses next-auth for demo purposes.
If you want to better familiarize yourself with the OAuth flow and how to implement it in your app, check out this documentation. Strike follows standard practices as an OIDC provider to enable ease of integration. There is also a playground that walks you through the steps of the flow in practice.
Once you have completed your registration and implemented OAuth in your client app, you can begin using Strike OAuth Connect. This means you can authenticate Strike users in your app and begin calling Strike API endpoints on their behalf, provided your registered client has the required scopes and the Strike user has granted the necessary permissions. Once you have obtained an access token, you call Strike API endpoints with it in the same way as you would with an API key for your own account.
The relevant Strike URLs for integration are as follows:
- STRIKE_API_URI = https://api.strike.me/v1
- STRIKE_IDENTITY_SERVER_URL = https://auth.strike.me
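As an added illustration (not Strike's code and not taken from the example app), the code below builds an authorization-code request against an OIDC provider with state, nonce and PKCE, then checks the callback before the code is exchanged. The client ID, redirect URI, scope value and the endpoint path in the sample discovery document are constructed placeholders, and PKCE support on the provider side is an assumption this page does not confirm.

```javascript
const crypto = require('node:crypto');

const ISSUER = 'https://auth.strike.me'; // STRIKE_IDENTITY_SERVER_URL from this page

// Constructed stand-in for the JSON served at ISSUER + '/.well-known/openid-configuration'.
// The endpoint path is a placeholder, not Strike's real value.
const SAMPLE_DISCOVERY = {
  issuer: ISSUER,
  authorization_endpoint: ISSUER + '/PLACEHOLDER-authorization-endpoint',
};

const b64url = (buf) => buf.toString('base64url');

// Build the redirect to the provider plus the values to keep in the user's session.
function buildAuthRequest(discovery, { clientId, redirectUri, scope }) {
  if (discovery.issuer !== ISSUER) throw new Error('issuer mismatch in discovery document');
  const endpoint = new URL(discovery.authorization_endpoint);
  if (endpoint.protocol !== 'https:') throw new Error('authorization endpoint must be https');
  const session = {
    state: b64url(crypto.randomBytes(32)),        // binds the callback to this browser session
    nonce: b64url(crypto.randomBytes(32)),        // must come back inside the ID token
    codeVerifier: b64url(crypto.randomBytes(32)), // PKCE secret (assumed supported), sent only with the token request
  };
  const challenge = b64url(crypto.createHash('sha256').update(session.codeVerifier).digest());
  endpoint.search = new URLSearchParams({
    response_type: 'code', client_id: clientId, redirect_uri: redirectUri, scope,
    state: session.state, nonce: session.nonce,
    code_challenge: challenge, code_challenge_method: 'S256',
  }).toString();
  return { url: endpoint.toString(), session };
}

// Validate the callback before the code is exchanged; returns the authorization code.
function readCallback(callbackUrl, session, redirectUri) {
  const url = new URL(callbackUrl);
  if (url.origin + url.pathname !== redirectUri) throw new Error('unexpected redirect URI');
  const p = url.searchParams;
  if (p.has('error')) throw new Error('provider returned error: ' + p.get('error'));
  const got = Buffer.from(p.get('state') ?? '');
  const want = Buffer.from(session.state);
  if (got.length !== want.length || !crypto.timingSafeEqual(got, want)) {
    throw new Error('state mismatch');
  }
  const code = p.get('code');
  if (!code) throw new Error('missing authorization code');
  return code;
}
```

Store the returned session values server-side (or in an encrypted, HttpOnly cookie) and discard them after one callback, so a replayed or forged redirect fails the state check.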
If you have any further questions, please reach out to api@strike.me.