Skip to main content

Frequently Asked Questions

This FAQ answers common questions developers have when working with Quran.Foundation APIs.

How do I obtain OAuth2 credentials?​

Submit an application to receive your client_id and client_secret. These credentials let you request authorization tokens for accessing user data.

Content APIs provide read-only access to Quran data such as chapters, verses, recitations and translations. User-related APIs manage data tied to a specific Quran.Foundation account like bookmarks and notes.

How do I use x-auth-token and x-client-id headers?​

Include your OAuth2 access token in the x-auth-token header and your client ID in the x-client-id header when calling authenticated endpoints.

What are the best practices for refresh tokens?​

Store refresh tokens securely and reuse them until they expire. Refresh tokens allow you to obtain new access tokens without asking the user to re-authorize.

Can I use the demo credentials quran-demo/secret in production?​

No. These demo credentials are for testing only and should not be used in production applications.