
Frequently Asked Questions

This FAQ answers common questions developers have when working with Quran.Foundation APIs.

Why should I block automatic translation on Quran text returned by the API?

The API already delivers peer-reviewed translations. Auto-translating them can distort meaning and create theological inaccuracies. Disable auto-translation using the HTML/CSP techniques linked in the Content APIs Quickstart Guide.

How do I obtain OAuth2 credentials?

Submit an application to receive your client_id and client_secret. These credentials let you request authorization tokens for accessing user data.

Content APIs provide read-only access to Quran data such as chapters, verses, recitations and translations. User-related APIs manage data tied to a specific Quran.Foundation account like bookmarks and notes.

How do I use x-auth-token and x-client-id headers?

Include your OAuth2 access token in the x-auth-token header and your client ID in the x-client-id header when calling authenticated endpoints.

What are the best practices for refresh tokens?

Store refresh tokens securely and reuse them until they expire. Refresh tokens allow you to obtain new access tokens without asking the user to re-authorize.

Can I use the demo credentials quran-demo/secret in production?

No. These demo credentials are for testing only and should not be used in production applications.

How do I redirect users back to my app after logout?

Include the post_logout_redirect_uri parameter when calling the logout endpoint and pass id_token_hint (the ID token from the login response). The redirect URI must be pre-registered in your OAuth2 client's post_logout_redirect_uris configuration. If post_logout_redirect_uri is set without id_token_hint, the logout request will be rejected.

See Logout with Redirect for implementation examples.
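The rule above, sketched as a client-side helper. This is an added example, not code from Quran.Foundation: the logout endpoint URL, the registered URI list and the function name are placeholders, and exact-string matching of the redirect URI is an assumption.

```javascript
// Placeholder values: substitute the logout endpoint and the
// post_logout_redirect_uris from your own OAuth2 client registration.
const LOGOUT_ENDPOINT = "https://auth.example.invalid/logout";
const REGISTERED_POST_LOGOUT_URIS = [
  "https://app.example.invalid/signed-out",
];

// Hypothetical helper: builds the logout URL and fails early on the two
// conditions the FAQ says matter, instead of sending a doomed request.
function buildLogoutUrl({ idToken, postLogoutRedirectUri } = {}) {
  const url = new URL(LOGOUT_ENDPOINT);

  if (postLogoutRedirectUri === undefined) {
    // Plain logout with no redirect back to the app.
    if (idToken) url.searchParams.set("id_token_hint", idToken);
    return url.toString();
  }

  // A redirect without id_token_hint is rejected by the server.
  if (!idToken) {
    throw new Error("post_logout_redirect_uri requires id_token_hint");
  }

  // Only a pre-registered URI is accepted. Compare the full string
  // (assumed exact match) so a look-alike host or extra path never passes.
  if (!REGISTERED_POST_LOGOUT_URIS.includes(postLogoutRedirectUri)) {
    throw new Error("post_logout_redirect_uri is not pre-registered");
  }

  // searchParams.set percent-encodes both values.
  url.searchParams.set("id_token_hint", idToken);
  url.searchParams.set("post_logout_redirect_uri", postLogoutRedirectUri);
  return url.toString();
}
```

Pass the ID token from the login response as idToken; keeping the redirect target in a fixed list, rather than taking it from request input, means the app never asks for a redirect it did not register.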

Your logo is displayed automatically if logo_uri is configured in your OAuth2 client registration. See Client Configuration for details on setting up your client metadata.