OAuth2

BugSplat supports authenticating via OAuth 2.0 in addition to the username/password authentication described in our API documentation. Currently, only the OAuth2 client credentials flow is supported. If you are interested in exploring other OAuth 2.0 authentication methods, please contact [email protected].

A reference client implementation can be found in our @bugsplat/js-api-client repo.

Client Credentials

To authenticate via OAuth2 client credentials, you will need to create a Client ID and Client Secret pair on the OAuth Integrations page. When prompted, enter an application name and choose a desired scope.

BugSplat scopes are hierarchical (not composable), and the available choices are either symbols or restricted. The only operation allowed by the symbols scope is symbol upload. The restricted scope provides read-only access to the Charting, Crash, Crashes, Summary, Versions, and Key Crash APIs

Copy the Client ID and Client Secret to a secure location. Once you've dismissed the dialog, the Client Secret will not be displayed again.

Authorize

The Client ID and Client Secret are used in a POST to the server and will return access_token and a token_type. The Authorize endpoint is described below.

Headers

Once an access_token and token_type have been acquired, they can be used in any of the API requests outlined in our API docs. To make an authenticated request to one of BugSplat's API endpoints, add a header with a key of Authorization and a value of ${token_type} ${access_token}.

Authorize

POST https://app.bugsplat.com/oauth2/authorize

Exchange a Client Id and Client Secret for a bearer token.

Request Body

{
  "token_type": "Bearer",
  "expires_in": 3600,
  "access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9[...]"
}