Security
Authentication
Foxpile separates browser sessions from OAuth bearer tokens. Users can establish their Foxpile session with Steam or Discord.
Authorization routes
| Client | Route | Use |
|---|---|---|
| Session | /login | Connect with Steam or Discord |
| Consent | /oauth/authorize | Authorize a registered web or bot client |
| Token | /oauth/token | Exchange a single-use authorization code |
Bearer token
Send the token in every protected request.
Authorization: Bearer YOUR_ACCESS_TOKEN
Keep secrets server-side
Never expose application secrets or long-lived tokens in browser bundles, public repositories, logs, or Discord messages.