Skip to content

Document self-serve OAuth app and API Key creation #687

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
bunnybilou wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Document self-serve OAuth app and API Key creation #687

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
14 changes: 7 additions & 7 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -259,11 +259,9 @@ Once terms are accepted, you will be able to sign in again.

With our [OAuth](https://oauth.net/2/) API, users can sign-in to your service using their Sorare account, which allows you to request data on their behalf.

In order to use our OAuth API, we need to issue you a Client ID and Secret for your application. You can request one through our [Help Center](https://help.sorare.com/hc/en-us/requests/new) with the following information:
In order to use our OAuth API, we need to issue you a Client ID and Secret for your application.

- A unique name for your application
- One or more callback URLs (e.g., `http://localhost:3000/auth/sorare/callback` for development & `https://myapp.com/auth/sorare/callback` for production)
- A logo for your application in PNG format
You can create an OAuth application from [your developer settings](https://sorare.com/settings/developer).

Sorare currently supports only the following OAuth 2.0 grant flows:

Expand Down Expand Up @@ -362,15 +360,17 @@ $ curl -X POST "https://api.sorare.com/oauth/revoke" \

## Rate limit

The GraphQL API is rate limited. We can provide an extra API Key on demand that raises those limits.
The GraphQL API is rate limited.

Here are the configured limits:

- Unauthenticated API calls: 20 calls per minute
- Authenticated (JWT or OAuth) API calls: 60 calls per minute
- API Key API calls: 600 calls per minute
- API Key API calls: 200 calls per minute
- 40 inflight queries. This only takes into account the backend/server processing part and excludes any network delays.

You can create an API Key from [your developer settings](https://sorare.com/settings/developer).

The API key should be passed in an http `APIKEY` header.

**Example:**
Expand Down Expand Up @@ -401,7 +401,7 @@ To stay within the limit, we recommend:

## GraphQL Complexity and Depth limits

The GraphQL queries have complexity and depth limits. We can provide extra API keys (on demand) raising those limits.
The GraphQL queries have complexity and depth limits. An API Key created from [your developer settings](https://sorare.com/settings/developer) raises those limits.

- Depth reflects the longest nested fields chain.
- Complexity reflects the potential total number of fields that would be returned. If the query asks for the first 50 cards, the complexity is computed on 50 cards, even if the result set is composed of 1 card.
Expand Down