Skip to main content
POST
/
public
/
v1
/
submit
/
oauth

Authorizations

X-Stamp
string
required
Cryptographically signed (stamped) request to be passed in as a header. For more info, see here.

Body

type
enum<string>
required
Enum options: ACTIVITY_TYPE_OAUTH
timestampMs
string
required
Timestamp (in milliseconds) of the request, used to verify liveness of user requests.
organizationId
string
required
Unique identifier for a given Organization.
parameters
object
required

The parameters object containing the specific intent data for this activity.

generateAppProofs
boolean
Enable to have your activity generate and return App Proofs, enabling verifiability.

Response

A successful response returns the following fields:
activity
object
required
The activity object containing type, intent, and result
curl --request POST \
  --url https://api.turnkey.com/public/v1/submit/oauth \
  --header 'Accept: application/json' \
  --header 'Content-Type: application/json' \
  --header "X-Stamp: <string> (see Authorizations)" \
  --data '{
    "type": "ACTIVITY_TYPE_OAUTH",
    "timestampMs": "<string> (e.g. 1746736509954)",
    "organizationId": "<string> (Your Organization ID)",
    "parameters": {
        "oidcToken": "<string>",
        "targetPublicKey": "<string>",
        "apiKeyName": "<string>",
        "expirationSeconds": "<string>",
        "invalidateExisting": "<boolean>"
    }
}'
import { Turnkey } from "@turnkey/sdk-server";

const turnkeyClient = new Turnkey({
  apiBaseUrl: "https://api.turnkey.com",
  apiPublicKey: process.env.API_PUBLIC_KEY!,
  apiPrivateKey: process.env.API_PRIVATE_KEY!,
  defaultOrganizationId: process.env.ORGANIZATION_ID!,
});

const response = await turnkeyClient.apiClient().oauth({
  oidcToken: "<string> (Base64 encoded OIDC token)",
  targetPublicKey: "<string> (Client-side public key generated by the user, to which the oauth bundle (credentials) will be encrypted.)",
  apiKeyName: "<string> (Optional human-readable name for an API Key. If none provided, default to Oauth - <Timestamp>)",
  expirationSeconds: "<string> (Expiration window (in seconds) indicating how long the API key is valid for. If not provided, a default of 15 minutes will be used.)",
  invalidateExisting: true // Invalidate all other previously generated Oauth API keys
});
{
  "activity": {
    "id": "<activity-id>",
    "status": "ACTIVITY_STATUS_COMPLETED",
    "type": "ACTIVITY_TYPE_OAUTH",
    "organizationId": "<organization-id>",
    "timestampMs": "<timestamp> (e.g. 1746736509954)",
    "result": {
      "activity": {
        "id": "<string>",
        "organizationId": "<string>",
        "status": "<string>",
        "type": "<string>",
        "intent": {
          "oauthIntent": {
            "oidcToken": "<string>",
            "targetPublicKey": "<string>",
            "apiKeyName": "<string>",
            "expirationSeconds": "<string>",
            "invalidateExisting": "<boolean>"
          }
        },
        "result": {
          "oauthResult": {
            "userId": "<string>",
            "apiKeyId": "<string>",
            "credentialBundle": "<string>"
          }
        },
        "votes": "<array>",
        "fingerprint": "<string>",
        "canApprove": "<boolean>",
        "canReject": "<boolean>",
        "createdAt": "<string>",
        "updatedAt": "<string>"
      }
    }
  }
}