Backend setup

Your backend must support OAuth 2.0 token exchange to obtain Spotnana tokens on behalf of your users. This page explains the backend setup process:

Get client credentials from Spotnana

Spotnana will provide you with a unique client_id and client_secret which you'll use to request an access token every time a user logs in to the platform. Store the client secret securely and never expose it in your codebase.

Create a get user detail API endpoint

You must create a get user detail API in your system. Spotnana calls this API to validate the identity of the logged-in user. The request from Spotnana carries the user's bearer token in the Authorization header, and your get user detail endpoint must return that user's email address from your system.

For example, Spotnana sends an API request with the following format:

GET https://api.yourcompany.com/v1/user-detail
Authorization: Bearer <user_bearer_token>

Your endpoint should return a JSON response containing the user's email as shown below:

{
  "user": {
    "email": "user@yourcompany.com"
  }
}

Notes:

  • If your response cannot include a field called email, contact your Spotnana account representative to set up a custom mapping.
  • The email address must be the same as the one used to create the user's profile on the Spotnana platform.

We'll use this information to verify the user's identity within our system.

Token exchange request

To obtain a Spotnana access token on behalf of the user, your system must send a POST request to the OAuth token generation endpoint.

Here's a sample API request schema:

curl -X POST "https://api-ext-sboxmeta.partners.spotnana.com/v2/auth/oauth2-token" \
  -d "grant_type=urn:ietf:params:oauth:grant-type:token-exchange" \
  -d "client_id=<YOUR_CLIENT_ID>" \
  -d "client_secret=<YOUR_CLIENT_SECRET>" \
  -d "subject_token=<YOUR_USER_TOKEN>" \
  -d "subject_token_type=urn:ietf:params:oauth:token-type:access_token" \
  -d "scope=openid"

Here's a sample response:

{
  "access_token": "eyJraWQiOi...",
  "refresh_token": "eyJjdHkiOi...",
  "token_type": "Bearer",
  "expires_in": 3600,
  "scope": "openid"
}

The table below explains the different parameters used in the OAuth token generation API request:

Parameter           Required?  Description
grant_type          Yes        Must contain the value: urn:ietf:params:oauth:grant-type:token-exchange.
client_id           Yes        Your Spotnana client ID.
client_secret       Yes        Your Spotnana client secret.
subject_token       Yes        The user's access token. Spotnana will use this as a bearer token to call your get user detail endpoint to identify the user.
subject_token_type  Yes        Must contain the value: urn:ietf:params:oauth:token-type:access_token.
scope               Yes        Must contain the value: openid.
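The following Python is an added illustration of both halves of this setup (the get user detail endpoint Spotnana calls, and the token exchange request your backend sends); it is not Spotnana's code. The in-memory SESSIONS store, the token value and the function names are assumptions, and the request is only built and the response only parsed, so nothing is sent over the network.

```python
import json
import time
from urllib.parse import urlencode

# Hypothetical session store: opaque user bearer token -> session data.
# Constructed sample data; a real backend looks this up in its own session/IdP store.
SESSIONS = {"tok-7f3a": {"email": "user@yourcompany.com", "expires_at": time.time() + 3600}}

TOKEN_URL = "https://api-ext-sboxmeta.partners.spotnana.com/v2/auth/oauth2-token"


def handle_user_detail(authorization_header):
    """Handle GET /v1/user-detail as Spotnana calls it. Returns (status, json_body)."""
    scheme, _, token = (authorization_header or "").partition(" ")
    if scheme != "Bearer" or not token:
        return 401, {"error": "missing or malformed bearer token"}
    session = SESSIONS.get(token)  # tokens are opaque random strings, so a plain lookup
    if session is None or session["expires_at"] < time.time():
        return 401, {"error": "invalid or expired token"}
    # The email must match the one used to create the user's Spotnana profile.
    return 200, {"user": {"email": session["email"]}}


def build_token_exchange(client_id, client_secret, user_token):
    """Build the documented POST: returns (url, headers, form-encoded body)."""
    body = urlencode({
        "grant_type": "urn:ietf:params:oauth:grant-type:token-exchange",
        "client_id": client_id,
        "client_secret": client_secret,  # read from a secret store, never from source
        "subject_token": user_token,     # Spotnana replays this to /v1/user-detail
        "subject_token_type": "urn:ietf:params:oauth:token-type:access_token",
        "scope": "openid",
    })
    return TOKEN_URL, {"Content-Type": "application/x-www-form-urlencoded"}, body


def parse_token_response(status, raw_body):
    """Validate the token response before caching it; returns (access_token, expires_at)."""
    if status != 200:
        raise RuntimeError(f"token exchange failed with HTTP {status}")
    data = json.loads(raw_body)
    if data.get("token_type") != "Bearer" or "openid" not in data.get("scope", ""):
        raise ValueError("unexpected token_type or scope in token response")
    # Treat the token as expired 60 s early so it is never used right at expiry.
    return data["access_token"], time.time() + int(data["expires_in"]) - 60
```

Cache the access_token per user until expires_at and use refresh_token (returned alongside it) rather than repeating the exchange on every request.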