Overview
BBaton Login runs on the global standard OAuth 2.0 authentication protocol. This document is meant to help you understand the overall execution structure before moving into step-by-step implementation documents.
01 BBaton Login flow
BBaton Login is provided as an open API and is designed to fit your web policies and UI/UX. For website integrations, the full structure becomes easy to understand when you view it in three stages: authorization code request, token request, and user information request.
A token must always be issued before requesting user information. In other words, the flow does not end with a successful login: you must exchange the authorization code for a token before calling user-related APIs.
Request authorization code
The application requests an authorization code from the BBaton server.
Redirect delivery
Once user authentication is completed, the authorization code is delivered to the redirect URL.
Request token
The client server requests a token with the received authorization code and processes the response.
Request user information
The issued token is then used to request user information after token validity is confirmed.
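The four steps above, seen from the client server, as an added example that is not BBaton's own code. The endpoint URLs are placeholders, the field names are the standard OAuth 2.0 (RFC 6749) ones and are not confirmed for BBaton by this overview, and the `state` check plus the injected `http_post` / `http_get` callables are assumptions of the example.

```python
import secrets
import time
from urllib.parse import urlencode

# Placeholder endpoints: the overview does not list BBaton's real URLs.
AUTHORIZE_URL = "https://auth.example.invalid/authorize"
TOKEN_URL = "https://auth.example.invalid/token"
USERINFO_URL = "https://auth.example.invalid/userinfo"


class FlowError(Exception):
    """Raised when a step of the login flow must be rejected."""


def build_authorize_url(session, client_id, redirect_uri):
    # Step 1: bind the authorization request to this browser session.
    session["oauth_state"] = secrets.token_urlsafe(32)
    query = {"response_type": "code", "client_id": client_id,
             "redirect_uri": redirect_uri, "state": session["oauth_state"]}
    return AUTHORIZE_URL + "?" + urlencode(query)


def handle_redirect(session, params, http_post, client, now=time.time):
    # Step 2: accept the redirect only if it answers our own request.
    expected = session.pop("oauth_state", None)  # single use, blocks replay
    received = params.get("state", "")
    if not expected or not secrets.compare_digest(expected.encode(), received.encode()):
        raise FlowError("state mismatch")
    if not params.get("code"):
        raise FlowError(params.get("error", "no authorization code"))
    # Step 3: server-side exchange, so client_secret never reaches the browser.
    token = http_post(TOKEN_URL, {
        "grant_type": "authorization_code", "code": params["code"],
        "redirect_uri": client["redirect_uri"],
        "client_id": client["id"], "client_secret": client["secret"]})
    if not token.get("access_token"):
        raise FlowError("token request failed")
    session["access_token"] = token["access_token"]
    # A missing expires_in is treated as already expired (conservative choice).
    session["token_expiry"] = now() + int(token.get("expires_in", 0))


def fetch_user_info(session, http_get, now=time.time):
    # Step 4: confirm a live token exists before calling user APIs.
    if "access_token" not in session or now() >= session["token_expiry"]:
        raise FlowError("no valid token; restart the login flow")
    return http_get(USERINFO_URL, {"Authorization": "Bearer " + session["access_token"]})
```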
02 Verification model and user experience
BBaton Login, built on OAuth 2.0, verifies whether the user is an adult during the authorization-code step through the user’s BBaton account ID and password. This adult-eligibility value can be understood in the context of pseudonymized-data usage under Korea’s 2020 data-law revisions.
If the user is already logged in with a BBaton account, the code can be issued immediately without requesting account details again. On PC web, the guide assumes login is completed through the account ID and password without additional verification factors.
03 BBaton Login introduction order
The BBaton Login introduction flow follows the four steps below. Detailed implementation continues in the next document, Integration, with step-by-step parameters and code examples.