Miro apps need authorization to access content on Miro boards. Authorization is explicit consent that a user grants to a specific app, which in turn gives that app access to specific Miro user data or team data.

There are multiple ways to request authorization: via the SDK, the OAuth 2.0 flow, a direct app installation link, the Miro marketplace, or a third-party app page. Which one suits your app depends mostly on your application type, your use case, and whether your app uses only the Web SDK, only the REST APIs, or a combination of both.

Our Web SDK and REST APIs implement user access control through scopes. Scopes define the permissions your app requires to work as designed and to interact with a Miro board. For more information, see Scopes.


REST API OAuth authorization flow

Here’s a summary of the steps involved in the OAuth authorization flow:

  1. Create authorization request link
  2. Request authorization from the user
  3. Exchange authorization code for access token
  4. Use token for REST API requests
  5. Obtain refresh token (optional)
  6. Revoke token (optional)
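
Steps 1 to 4 above, sketched as an added example (not Miro's own code) that binds the authorization request to the user's session with a `state` value and checks it on the callback. The endpoint URLs and parameter names follow the standard OAuth 2.0 authorization-code grant and are assumptions to confirm against Miro's reference; the function names, client values and callback URL are hypothetical.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Assumed endpoints; confirm both against Miro's REST API reference before use.
AUTHORIZE_URL = "https://miro.com/oauth/authorize"
TOKEN_URL = "https://api.miro.com/v1/oauth/token"


def build_authorization_link(client_id, redirect_uri):
    """Step 1: return (link, state); keep state in the user's server-side session."""
    state = secrets.token_urlsafe(32)  # unguessable, single-use CSRF token
    query = urlencode({"response_type": "code", "client_id": client_id,
                       "redirect_uri": redirect_uri, "state": state})
    return f"{AUTHORIZE_URL}?{query}", state


def read_callback(callback_url, expected_state):
    """Step 2: validate the redirect and return the authorization code."""
    params = parse_qs(urlparse(callback_url).query)
    if "error" in params:  # user declined or the request was rejected
        raise PermissionError(params["error"][0])
    returned = params.get("state", [""])[0]
    # Reject when no state was stored; otherwise compare in constant time.
    if not expected_state or not hmac.compare_digest(
            returned.encode(), expected_state.encode()):
        raise ValueError("state mismatch")
    codes = params.get("code", [])
    if len(codes) != 1:  # missing or duplicated parameter
        raise ValueError("expected exactly one code parameter")
    return codes[0]


def build_token_request(code, client_id, client_secret, redirect_uri):
    """Step 3: URL and parameters for the server-side POST; the secret never reaches the browser."""
    return TOKEN_URL, {"grant_type": "authorization_code", "code": code,
                       "client_id": client_id, "client_secret": client_secret,
                       "redirect_uri": redirect_uri}


def bearer_header(access_token):
    """Step 4: header attached to each REST API request."""
    return {"Authorization": f"Bearer {access_token}"}


if __name__ == "__main__":
    # Constructed values for illustration only.
    cb = "https://app.example/callback"
    link, state = build_authorization_link("CLIENT_ID", cb)
    code = read_callback(f"{cb}?code=abc123&state={state}", state)
    print(link, build_token_request(code, "CLIENT_ID", "CLIENT_SECRET", cb), sep="\n")
```

Discard the stored `state` after the first callback so that a replayed redirect fails the check.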