To integrate Phoenix, you need to obtain an access token through an OAuth-like flow. This token must be retrieved from your backend and passed to the frontend for use in the integration.
const myHeaders = new Headers();myHeaders.append("Content-Type", "application/json");const raw = JSON.stringify({ "client_id": "x", // Replace with your client ID from Phoenix team "client_secret": "y", // Replace with your client secret from Phoenix team "grant_type": "client_credentials" // Always use this value});const requestOptions = { method: "POST", headers: myHeaders, body: raw, redirect: "follow"};fetch("https://api.phoenix.market/oauth/token", requestOptions) .then((response) => response.text()) .then((result) => console.log(result)) .catch((error) => console.error(error));
The access token does not need to be generated on a per-user basis. You can use the same access token across all your users. A recommended practice is to set up a cron job that runs every hour to refresh your access_token and store it on your backend for all your users to share.
Store credentials securely: Your client_id and client_secret should never be exposed in frontend code.
Token lifespan: Access tokens are valid for 1 hour (3600 seconds). Set up a cron job on your backend to refresh the token hourly.
Token storage: Store the current valid access token securely on your backend and provide an API endpoint for your frontend to retrieve it.
Domain whitelisting: Phoenix will be implementing domain whitelisting and additional security measures in the future. Keep your integration up to date by checking documentation regularly.