Add "Sign in with LoopingBinary" to your app in minutes. Secure OAuth 2.0, passwordless authentication, and a single unified identity across the entire LoopingBinary ecosystem.
A complete identity platform. No passwords, no friction, no headaches.
Full OAuth 2.0 authorization code flow with PKCE support. CSRF protection via state parameter. All traffic over HTTPS.
Users receive a secure 6-digit code via email. No passwords to store, rotate, or breach. Login in seconds.
Cross-subdomain cookies keep users signed in across all LoopingBinary services automatically.
Registration creates both the user account and a linked wallet. Everything your app needs, out of the box.
Clean REST APIs, comprehensive examples, and a dedicated Developer Console on app.loopingbinary.com.
All auth endpoints are on auth.loopingbinary.com. Call from any origin with credentials: "include".
Head to app.loopingbinary.com, create your developer account, register your OAuth client, and drop "Sign in with LoopingBinary" into your app within the hour.
Go to Developer ConsoleIntegrate OAuth in three steps.
Visit the Developer Console, create an OAuth client, and copy your client_id and client_secret.
Send users to the authorization endpoint. They authenticate and are redirected back to your app with an authorization code.
const authUrl = `https://auth.loopingbinary.com/oauth/authorize?
client_id=${clientId}&
redirect_uri=${encodeURIComponent(callbackUrl)}&
response_type=code&
scope=read%20profile&
state=${randomState}`;
window.location.href = authUrl;On your backend only, exchange the code for an access token. Never do this in client-side code.
// Backend only!
const response = await fetch('https://app.loopingbinary.com/api/oauth/token', {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({
grant_type: 'authorization_code',
code: authorizationCode,
redirect_uri: callbackUrl,
client_id: process.env.LB_CLIENT_ID,
client_secret: process.env.LB_CLIENT_SECRET,
}),
});All authentication endpoints live on auth.loopingbinary.com. Token exchange and user info endpoints live on app.loopingbinary.com.
https://auth.loopingbinary.com/api/auth/login/initInitiate passwordless login by sending a 6-digit code to user's email. All authentication endpoints are hosted on auth.loopingbinary.com to avoid CORS issues.
Request Body
{
"email": "user@example.com"
}Response
{
"message": "Login code sent to your email",
"emailSent": true,
"expiresInMinutes": 10,
"code": "123456"
}Example
fetch('https://auth.loopingbinary.com/api/auth/login/init', {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
credentials: 'include', // Important: include cookies
body: JSON.stringify({
email: 'user@example.com'
})
})https://auth.loopingbinary.com/api/auth/login/verifyVerify the 6-digit code and receive authentication token. Sets cross-subdomain cookie automatically.
Request Body
{
"email": "user@example.com",
"code": "123456"
}Response
{
"token": "jwt_token_here",
"user": {
"id": "user_uuid",
"email": "user@example.com",
"fullName": "John Doe",
"role": "USER",
"roles": [
"USER"
],
"status": "ACTIVE"
}
}Example
fetch('https://auth.loopingbinary.com/api/auth/login/verify', {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
credentials: 'include', // Important: include cookies
body: JSON.stringify({
email: 'user@example.com',
code: '123456'
})
})https://auth.loopingbinary.com/api/auth/login/resendResend login code if user didn't receive it or it expired.
Request Body
{
"email": "user@example.com"
}Response
{
"message": "Login code resent to your email",
"emailSent": true
}Example
fetch('https://auth.loopingbinary.com/api/auth/login/resend', {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
credentials: 'include',
body: JSON.stringify({
email: 'user@example.com'
})
})https://auth.loopingbinary.com/api/auth/registerRegister a new user account (passwordless). Creates user and wallet automatically.
Request Body
{
"email": "user@example.com",
"fullName": "John Doe",
"role": "USER"
}Response
{
"emailSent": true,
"email": "user@example.com"
}Example
fetch('https://auth.loopingbinary.com/api/auth/register', {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
credentials: 'include',
body: JSON.stringify({
email: 'user@example.com',
fullName: 'John Doe'
})
})https://auth.loopingbinary.com/oauth/authorizeAuthorization consent screen - redirect users here to start OAuth flow
Query Parameters
client_idstringrequired,Your OAuth client IDredirect_uristringrequired,Your registered callback URLresponse_typestringrequired,Must be "code"scopestring,Space-separated scopes (e.g., "read profile")statestring,CSRF protection tokenExample
https://auth.loopingbinary.com/oauth/authorize?client_id=lb_xxx&redirect_uri=https://yourapp.com/callback&response_type=code&scope=read%20profile&state=xyz123https://app.loopingbinary.com/api/oauth/tokenExchange authorization code for access token (call from your backend)
Request Body
{
"grant_type": "authorization_code",
"code": "authorization_code_from_callback",
"redirect_uri": "https://yourapp.com/callback",
"client_id": "your_client_id",
"client_secret": "your_client_secret"
}Example
fetch('https://app.loopingbinary.com/api/oauth/token', {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({
grant_type: 'authorization_code',
code: 'auth_code_here',
redirect_uri: 'https://yourapp.com/callback',
client_id: 'your_client_id',
client_secret: 'your_client_secret'
})
})https://app.loopingbinary.com/api/oauth/userinfoGet user information using access token
Headers
{
"Authorization": "Bearer {access_token}"
}Example
fetch('https://app.loopingbinary.com/api/oauth/userinfo', {
headers: {
'Authorization': 'Bearer your_access_token'
}
})