Do you agree with 1Password’s star rating? Check out what 3,727 people have written so far, and share your own experience. Read 3,521-3,540 Reviews out of 3,727. 1Password is the best password generator/keeper of passwords out there. I did prefer the old stand alone version; I found it easier to use, but the new version still excels at what it does. Support staff is great too. Outstanding customer support Outstanding customer support. I've used the app for several years and found it meets all my requirements, but I was having trouble getting one feature to work on a new computer; the 1Password support person recommended an easy fix and it worked at the first try.
The Implicit grant type is used only for pure browser-based applications. The user will obtain only an access token. It involves the following steps:
1Password 2 wks ago. 2019 Webby award winner & highest rated password manager on Trustpilot.com. No limit on the number of devices you can use, nor the number. AgileBits 1Password is horrible. AgileBits 1Password is horrible. Their support is beyond bad. They do not have records of your purchases and you will waste untold hours on this system. After you buy something from them, they drop it and try to force you to something more expensive.
1. Redirects to Trustpilot website for Authorization
The user is first redirected to a website owned by Trustpilot in order to be authorized. After the authorization succeeds, Trustpilot redirects the user back to the client site with an access_token parameter that contains the access token to access the Trustpilot API and an expires_in parameter that specifies when the access token expires:
Method: GET
https://authenticate.trustpilot.comParameters:
| Name | Type | Description |
|---|---|---|
| client_id | Required string | The API key |
| redirect_uri | Required string | The client's site URL. The URL in your app where it will be redirected to after authorization. The redirect_uri must be https. |
| response_type | Required string | Value must be set to token |
Example:
https://authenticate.trustpilot.com?client_id=APIKey&redirect_uri=https://www.clientsSite.com&response_type=tokenRedirects back to:
https://www.clientsSite.com/#access_token=AccessToken&token_type=bearer&expires_in=359999Notice that the access_token parameter is available behind the fragment, and thus available to client side scripting.
Refresh the Access Token
Every access token has an expiration date. When the access token expires, the user needs a refresh token to generate a new access token. Note that the user can obtain a refresh token using both the Authorization Code grant type and the Password grant type as described above.
Use the following request to receive a new access token:
Method: POST
https://api.trustpilot.com/v1/oauth/oauth-business-users-for-applications/refreshor
https://api.trustpilot.com/v1/oauth/oauth-business-users-for-applications/accesstokenHeaders:
The API key and secret can be passed either in Authorization header, using HTTP Basic authentication, or in payload, using the client_id and client_secret parameters. Using HTTP Basic authentication is the recommended approach.Payload:
| Name | Type | Description |
|---|---|---|
| grant_type | Required string | Value must be set to refresh_token |
| refresh_token | Required string | The refresh token |
| client_id | Optional string | The API key |
| client_secret | Optional string | The API secret |
Example:
https://api.trustpilot.com/v1/oauth/oauth-business-users-for-applications/refreshPayload:
The response will contain amongst other fields the access token and the refresh token:Revoke the Refresh Token
The user has the option to revoke a refresh token. Note that revoking a refresh token also revokes the related access token.
Use the following request to revoke a refresh token:
Method: POST
https://api.trustpilot.com/v1/oauth/oauth-business-users-for-applications/revokeHeaders:
Payload:
| Name | Type | Description |
|---|---|---|
| token | Required string | The refresh token |
Example:
https://api.trustpilot.com/v1/oauth/oauth-business-users-for-applications/revokePayload:
Trustpilot 1password App
The user receives a 200 response if the revocation succeeded.Using the Access Token
With the access token you are ready to call any of the Customer APIs.
To call any of the Customer API endpoints you need to pass along the access token. It can be passed either as a header or in the querystring.
For example if you pass in the query string, the URL is as follows:
You may pass it as a header as follows:
Trustpilot 1password Chrome Extension
Note that in the JSON returned the property is called 'access_token' but when passing into the next API the parameter should be called 'token'.