Foxpile

Security

Authentication

Foxpile separates browser sessions from OAuth bearer tokens. Users can establish their Foxpile session with Steam or Discord.

Authorization routes

ClientRouteUse
Session/loginConnect with Steam or Discord
Consent/oauth/authorizeAuthorize a registered web or bot client
Token/oauth/tokenExchange a single-use authorization code

Bearer token

Send the token in every protected request.

Authorization: Bearer YOUR_ACCESS_TOKEN

Keep secrets server-side

Never expose application secrets or long-lived tokens in browser bundles, public repositories, logs, or Discord messages.