Skip to main content
Glama
OverviewAPIOAuth PKCEPrompt CachingRequest LabelingRequest Logging

OAuth PKCE

Users can connect to Glama Gateway in one click using Proof Key for Code Exchange (PKCE).

Overview

  • OAuth PKCE is a method of obtaining an API key for Glama Gateway on behalf of a user.

Implementation Steps

Step 1: Direct your user to authorization URL

Redirect your user to the following URL:

https://glama.ai/oauth/authorize?callback_url=YOUR_SITE_URL

Using S256 code_challenge

Include these parameters in the URL:

  • code_challenge=CODE_CHALLENGE
  • code_challenge_method=S256

Generate the code_challenge using S256:

import crypto from "node:crypto"; const generateCodeVerifier = () => { return crypto.randomBytes(256).toString('base64url'); } const sha256CodeChallenge = (input: string) => { return crypto.createHash("sha256").update(input).digest("base64url"); } const codeVerifier = generateCodeVerifier(); const codeChallenge = sha256CodeChallenge(codeVerifier);

Store the value of codeVerifier and use it in the Step 2.

Example:

https://glama.ai/oauth/authorize?callback_url=YOUR_SITE_URL&code_challenge=CODE_CHALLENGE&code_challenge_method=S256

Step 2: Exchange the authorization code for an API key

After the user logs in, they will be redirected back to your site with an authorization code included in the URL as a query parameter. Use this code to exchange it for a user-controlled API key.

fetch("https://glama.ai/api/gateway/v1/auth/exchange-code", { method: "POST", body: JSON.stringify({ code: "<CODE_FROM_QUERY_PARAM>", code_verifier: "<CODE_VERIFIER>", code_challenge_method: "<CODE_CHALLENGE_METHOD>" }) });

Step 3: Use the API key

The API key will be returned in the response under the key apiKey. Store it securely and use it to authenticate requests against Glama's OpenAI-compatible gateway:

fetch("https://glama.ai/api/gateway/openai/v1/chat/completions", { method: "POST", headers: { "Authorization": "Bearer <GLAMA_API_KEY>", "Content-Type": "application/json" }, body: JSON.stringify({ "model": "openai/gpt-4o", "messages": [ {"role": "user", "content": "Hello, World!"} ] }) });

You can use libraries compatible with the OpenAI API, such as openai (for JavaScript) or openai (for Python).

Need help?

If you have any questions or need help, reach out to our support.