Basic Auth

Some environments do not support webviews and redirects, and therefore cannot use OAuth. Apps and games with this restriction can implement their own login forms using the MOTAR basic auth API.

Basic auth is less secure than OAuth, and is therefore only available on certain platforms. In addition, basic auth access must be approved by an MOTAR administrator before an app can use this API.

Reminder: if you are using an app/client ID in sandbox, you must use sandbox.motar.ioas the endpoint for your requests. Requests to api.motar.iowith a sandbox client ID will fail!

Reminder: new apps connecting to MOTAR should use PKCE flow, as it offers more security. MOTAR may deprecate Implicit flow in the future.

Login User


Logs in a user with a basic auth header. Note that MOTAR does not support basic auth for normal routes (i.e. an Authorization Basic header). Users can login via a basic auth header using this route, which will grant authorization and refresh tokens as if the user logged in via the standard OAuth flow. For security reasons, an app must have basic auth login enabled by a MOTAR administrator before this route can be used.





Client ID for your app from MOTAR Studio.



Expects "Basic <basic auth token>". A basic auth token is the user's handle and password separated by a colon (":") and base 64 encoded.

Empty response body.

Last updated