10+ Login APIs Posted in Platforms Vyom Srivastava June 9, 2022 When you create an account on a website, you probably often see buttons like “Login With Google” or “Login With Facebook.” But have you ever wondered how that works? Social logins use APIs developed by companies like Facebook, Google, Twitter, and others, to allow users to authenticate themselves as a valid user. This, in turn, gives information like email, name, and user id for the developers to store in the database. In this article, we’ll review some of the most popular and secure login APIs that you can integrate into your application. Most of these login APIs are from social media platforms, although a few of them are from developer portals and professional networking platforms. Google Login API Google Login API is a popular login API since Google web apps are so widely used — Gmail has become synonymous with the word “email.” The integration of this API is straightforward as it uses OAuth 2.0 for authentication. You just have to generate the credentials for the application with the appropriate scope, and you’re good to go. After creating the credentials, you must insert the Google button onto your application for users to use to signup. Everything is well-documented on their website, with all the necessary code for multiple languages. To get the authenticated user’s basic information, make sure to use scope userinfo.profile. Here’s an example response from the API: { 'sub': '<unique_id>', 'name': '<full>', 'given_name': '<first>', 'family_name': '<last>', 'picture': '<pic>', 'email': '<email>', 'email_verified': True, 'locale': 'en' } Twitter Login API Twitter Login API is a bit different than the Google Login API. You first need to create an app on the Twitter platform and fill up the required form. It then gets submitted for approval. After the approval, you can start with the integration. You have the option to use OAuth 1.0, OAuth 2.0, and Basic Authentication. After you generate the access and refresh token, you can then fetch the user’s details. One thing to note here is that you need to set the flag include_email to true. { "contributors_enabled": true, "created_at": "Sat May 09 17:58:22 +0000 2009", "default_profile": false, "default_profile_image": false, "description": "I taught your phone that thing you like. The Mobile Partner Engineer @Twitter. ", "favourites_count": 588, "follow_request_sent": null, "followers_count": 10625, "following": null, "friends_count": 1181, "geo_enabled": true, "id": 38895958, "id_str": "38895958", "is_translator": false, "lang": "en", "listed_count": 190, "location": "San Francisco", "name": "Sean Cook", "notifications": null, "profile_background_color": "1A1B1F", "profile_background_image_url": "https://a0.twimg.com/profile_background_images/495742332/purty_wood.png", "profile_background_image_url_https": "https://si0.twimg.com/profile_background_images/495742332/purty_wood.png", "profile_background_tile": true, "profile_image_url": "https://a0.twimg.com/profile_images/1751506047/dead_sexy_normal.JPG", "profile_image_url_https": "https://si0.twimg.com/profile_images/1751506047/dead_sexy_normal.JPG", "profile_link_color": "2FC2EF", "profile_sidebar_border_color": "181A1E", "profile_sidebar_fill_color": "252429", "profile_text_color": "666666", "profile_use_background_image": true, "protected": false, "screen_name": "theSeanCook", "show_all_inline_media": true, "status": { "contributors": null, "coordinates": { "coordinates": [ -122.45037293, 37.76484123 ], "type": "Point" }, "created_at": "Tue Aug 28 05:44:24 +0000 2012", "favorited": false, "geo": { "coordinates": [ 37.76484123, -122.45037293 ], "type": "Point" }, "id": 240323931419062272, "id_str": "240323931419062272", "in_reply_to_screen_name": "messl", "in_reply_to_status_id": 240316959173009410, "in_reply_to_status_id_str": "240316959173009410", "in_reply_to_user_id": 18707866, "in_reply_to_user_id_str": "18707866", "place": { "attributes": {}, "bounding_box": { "coordinates": [ [ [ -122.45778216, 37.75932999 ], [ -122.44248216, 37.75932999 ], [ -122.44248216, 37.76752899 ], [ -122.45778216, 37.76752899 ] ] ], "type": "Polygon" }, "country": "United States", "country_code": "US", "full_name": "Ashbury Heights, San Francisco", "id": "866269c983527d5a", "name": "Ashbury Heights", "place_type": "neighborhood", "url": "https://api.twitter.com/1/geo/id/866269c983527d5a.json" }, "retweet_count": 0, "retweeted": false, "source": "Twitter for iPhone", "text": "@messl congrats! So happy for all 3 of you.", "truncated": false }, "statuses_count": 2609, "time_zone": "Pacific Time (US & Canada)", "url": null, "utc_offset": -28800, "verified": false } Facebook Login API There are nearly three billion monthly active users on Facebook, 3/8 of the world’s population. Facebook API uses OAuth for the authentication — you first need to create an app on their developer portal. After that, you’ll need to get the required scopes for your app. Once done, you can easily use the login functionality. In terms of a basic response, the Facebook login API returns the below JSON after successful authentication: { status: 'connected', authResponse: { accessToken: '{access-token}', expiresIn:'{unix-timestamp}', reauthorize_required_in:'{seconds-until-token-expires}', signedRequest:'{signed-parameter}', userID:'{user-id}' } } Now, you can either save the userID as an identifier or make another internal call using the accessToken for profile details. There’s a list of scopes available in Facebook’s documentation that you can use to fetch the user details too. Telegram Login API Telegram is an open-source messaging platform used by more than 550 million users. To use the API, you first need to generate an api_id and api_hash by filling up the API form. After that, you can use those credentials in your application. This login API works in a bit different manner. It first sends an OTP on the user’s app, and then the user has to pass the OTP to your application to verify themselves. Since Telegram doesn’t work with email, it can only return you the phone number and username of the authenticated user. Outlook Login API Outlook Login API is very similar to Google Login API as it also follows OAuth. It has a functionality called Microsoft Graph that you’ll have to use. You first need to create an app on their developer portal, and after that, you can easily use their API for user logins. The authentication API returns you the access token, and you can use this access token to get the basic profile details like email and name. Since Outlook uses Microsoft Graph, it means that if you want, you can easily pass multiple scopes to access other Office365 services associated with that user like Word, Excel, etc. Example response of /me endpoint: { "businessPhones": [ "businessPhones-value" ], "displayName": "displayName-value", "givenName": "givenName-value", "jobTitle": "jobTitle-value", "mail": "mail-value", "mobilePhone": "mobilePhone-value", "officeLocation": "officeLocation-value", "preferredLanguage": "preferredLanguage-value", "surname": "surname-value", "userPrincipalName": "userPrincipalName-value", "id": "id-value" } Github Login API Sometimes, developer-facing apps may want to offer a login method for software developers to use. In that case, Github is the best option for these users. It comes with an authentication API that you can integrate into your application. Like other APIs, you must create an application on their platform that gives you the client_id and client_secret. After that, you’ll have to put a redirect URL (a URL where the users will be redirected after authentication). Initially, the Github login API supported basic authentication, but now it only works using OAuth. You’ll get the access_token associated with that user on successful authentication. If you want to fetch the email, then you’ll have to pass another scope: user:email. Example response from the API: [ { "email": "octocat@github.com", "primary": true, "verified": true, "visibility": "private" } ] Linkedin The Linkedin Login API is a near-exact replica of the Outlook Login API simply because both of them are owned by Microsoft. It uses OAuth 2.0 for authentication, and you also need to create an application on their portal to access their API. There are different permission levels this platform uses, and they’re listed on their documentation page. To fetch the user email after authentication, you’ll have to pass the scope r_emailaddress. Example response from the API: { "elements": [ { "handle": "urn:li:emailAddress:3775708763", "handle~": { "emailAddress": "ding_wei_stub@example.com" }, "primary": true, "type": "EMAIL" }, { "handle": "urn:li:phoneNumber:6146249836070047744", "handle~": { "phoneNumber": { "number": "158****1473" } }, "primary": true, "type": "PHONE" } ] } Slack Login API Slack also uses OAuth for the authentication API. You must first create an app on their portal that, in return, gives you the client_id, client_secret, and redirect_url. On successful authentication, you’ll receive the access token with the scope. To get other user profile details, you’ll have to pass other scopes like users.info. Example response from the API: { "access_token": "xoxp-23984754863-2348975623103", "scope": "read" } Yahoo! Login API Yahoo! used to be one of the most popular websites on the internet, and Yahoo! Mail is still in use today, with over 200 million users. Yahoo! offers a login API, but it isn’t widely used compared to Google or Twitter. The Yahoo! login API uses OAuth for authentication. You first must create an app on their portal and then generate the credentials like client_id, client_secret, and redirect_url. After that, you’ll have to make a request to the URL: https://api.login.yahoo.com/oauth2/request_auth with those parameters. On successful authentication, it’ll return you the access token, refresh token, and id token. Like other APIs, you’ll have to pass the scope to fetch user profile details. Example response from the API: { "access_token":"TOKEN", "refresh_token":"AJj.Dlbt_e4XN85buQhFXj77sIB3lqBF3Bcqb2kwUEoYrBb0Pg--", "expires_in":3600, "token_type":"bearer", "xoauth_yahoo_guid":"UQIDWJNWVNQD4GXZ5NGMZUSTQ4", "id_token":"TOKEN" } Firebase API Firebase API handles everything from user management, signup, login, and other functions. It is mostly used for single-page web applications and mobile apps. It can easily be used for user token management. Example response from the API: { "idToken": "[ID_TOKEN]", "refreshToken": "[REFRESH_TOKEN]", "expiresIn": "3600" } Final Words Login APIs improve the user experience by removing the hassle of filling out yet another signup form. As an app developer, you don’t have to send a verification email at the time of user registration, and you also don’t have to store the passwords. Therefore, it acts as a secure means of authentication. However, since you’re not responsible for the security of the API, if the third-party or user is hacked, they could lose their account and be unable to recover it. You can use multiple APIs from the list above and integrate them into your application. Choosing which one to use will entirely depend on your application’s requirements and the end-users. For example, if you’re creating an app to serve developers, consider using Github or Twitter login APIs. If you’re targetting business users, Outlook or Linkedin might make sense. Or, if your application is intended for typical end-users, then Facebook or Google login APIs may be most appropriate.
