Foursquare uses two forms of authentication to best suit your use-case once your app is registered.

1. Userless Auth

This is used for server-side applications and others that don’t intend to require a Foursquare or Swarm user’s permissions.

2. User Auth

This is used when you require a Foursquare or Swarm user e.g. to get all the checkins for a given user.


Userless Auth

To make a userless request, specify your consumer key’s Client ID and Secret instead of an auth token in the request URL.

https://api.foursquare.com/v2/venues/search?ll=40.7,-74&client_id=CLIENT_ID&client_secret=CLIENT_SECRET&v=YYYYMMDD

User Auth

iOS / Android Apps

Native auth is the easiest way for users to connect with Foursquare. Unlike the web-based OAuth flow documented below, our native flow leverages the Foursquare app already installed on your users’ phones, saving users the hassle of re-logging in to Foursquare within your app. Native auth is the only flow that supports users logging in to Foursquare using Facebook.

To use native auth, incorporate our utility classes for iOS or Android into your app. Additional instructions are provided in the repositories’ README files.

Web Applications

We use OAuth 2.0 to provide authorized access to our API. Here is a sample recommended work-flow:

Step 1

Direct users to Foursquare with your registered redirect uri.

https://foursquare.com/oauth2/authenticate
    ?client_id=YOUR_CLIENT_ID
    &response_type=code
    &redirect_uri=YOUR_REGISTERED_REDIRECT_URI

Step 2

If the user accepts, they will be redirected back to your URI with a code.

https://YOUR_REGISTERED_REDIRECT_URI/?code=CODE

Step 3

Your server should exchange the code it got in step 2 for an access token.

https://foursquare.com/oauth2/access_token
    ?client_id=YOUR_CLIENT_ID
    &client_secret=YOUR_CLIENT_SECRET
    &grant_type=authorization_code
    &redirect_uri=YOUR_REGISTERED_REDIRECT_URI
    &code=CODE

The response will be JSON.

{ "access_token": ACCESS_TOKEN }

Step 4

Once you have an access token, you can use any of the endpoints by just adding oauth_token=ACCESS_TOKEN to your GET or POST request. For example, from the command line, you can do:

curl https://api.foursquare.com/v2/users/self/checkins?oauth_token=ACCESS_TOKEN&v=YYYYMMDD