Getting started

This tutorial is intended for those interested in consuming OAuth based APIs, such as engineers and web developers, and how Pizzly makes it faster to integrate with a pre-configured list of APIs.

Objectives

• Running Pizzly locally
• Connect yourself to GitHub
• Retrieve your GitHub accessToken
• Make an authenticated request to GitHub API

Prerequisites

• Having a GitHub account (signup here, it's free)
• Node.js & npm installed
• Download and install PostgreSQL

Running Pizzly on your machine

1. Download the Pizzly source code:

git clone https://github.com/Bearer/Pizzly

2. Change to the directory:

cd pizzly

3. Install dependencies for the project (you can also use npm):

yarn install

4. Setup the database

yarn db:setup

5. Start the local server:

yarn start

6. View app in your browser by opening:

http://localhost:8080/

Connect yourself to GitHub

1. On GitHub, create an OAuth application.
2. Make sure to register the following url as the Authorization callback URL:

http://localhost:8080/auth/callback

3. Open Pizzly dashboard and select the GitHub API:

http://localhost:8080/dashboard/github

4. Click on "Save credentials" and fill the form with the following information:

   1. Use the "Client ID" / "Client Secret" provided by GitHub in step 2.
   2. For the scopes field, enter user.
   3. Save the form to save the credentials in the database.

5. Open the following page in your browser and click on "Connect to GitHub":

http://localhost:8080/dashboard/github/authentications/connect

Tip: when you want to connect your users to an API, you don't need to repeat all these steps. Only the latest one is required. To learn more on how to connect users on your application, read the Pizzly's connect guide.

Retrieve your GitHub's accessToken

While you connected yourself to GitHub, Pizzly has created an authId. It's a reference that Pizzly uses to retrieve the OAuth payload, including the accessToken. Let's see how to retrieve the information associated with your authId.

1. Grab the authId from the step #7 in the previous section. It's something similar to:

9170f2c0-8957-11ea-ad33-0bc14197b007

2. Retrieve the OAuth payload with the following command:

curl http://localhost:8080/api/github/authentications/REPLACE-WITH-YOUR-AUTH-ID

3. The response should look something similar to:

{
  "id":"9170f2c0-8957-11ea-ad33-0bc14197b007",
  "object":"authentication",
  "auth_id":"9170f2c0-8957-11ea-ad33-0bc14197b007",
  "payload":{
    "connectParams":{},
    "serviceName":"github",
    "userId":"9170f2c0-8957-11ea-ad33-0bc14197b007",
    "updatedAt":1588081979214,
    "accessToken":"d7eexxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
    "refreshToken":"non",
    "idToken":"non",
    "expiresIn":0,
    "scopes":[],
    "tokenResponseJSON":"...",
    "callbackParamsJSON":"..."
  },
  "created_at":"2020-04-28T13:52:59.218Z",
  "updated_at":"2020-04-28T13:52:59.218Z"
}

Make an authenticated request to GitHub

The example below uses Node.js, as it's the main language of Pizzly, but the concept is applicable to any programming language.

curl -X GET http://localhost:8080/proxy/github/user \
 -H "Pizzly-Auth-Id: 0c6ced70-a029-11ea-90f3-ddcda33824a1"

From your application's point of view, this snippet does one request directly to the Pizzly instance. Behind the scene, here's what's happening:

1. Pizzly receives the request and queries the database to retrieve the user's accessToken.
2. It uses the accessToken to make an authenticated request to the GitHub API.
3. And send the response back to your application.

There are two main benefit from using Pizzly as a proxy:

• In case needed, Pizzly will automatically refresh the token before requesting the third-party API.
• You can use the Pizzly's JS client to query APIs right from your frontend

What's next?

• Use Pizzly on a JAM stack
• Install Pizzly on the cloud
• Secure your instance
• Learn more about Pizzly's API