What is the Playground?
The Grantex Playground is a browser-based, interactive walkthrough of the entire Grantex authorization protocol. It lets you execute real API calls against the Grantex auth service and see every request and response — no backend, no signup, no installation.
Getting Started
- Open the playground — Visit grantex.dev/playground.
- Click “Start Demo” — The playground uses a built-in public sandbox key, so no signup or API key is needed.
- Walk through each step — Click “Run” on each step to execute the API call and see the response.
- (Optional) Click “Advanced” to use your own sandbox key or a custom server URL.
The 7 Steps
The playground walks you through the complete Grantex lifecycle:
Features
- Auto-populated values — Each step auto-fills values from previous steps (agent ID, auth code, grant token, refresh token, JTI).
- JWT decoding — Grant tokens are decoded inline with human-readable claim labels (issuer, principal, agent DID, scopes, grant ID, etc.).
- Syntax-highlighted JSON — All request bodies and responses are displayed with color-coded JSON.
- Status badges — Each step shows its current state: Pending, Running, Done, or Error.
- Sandbox mode — The playground uses sandbox mode, which auto-approves consent and returns the authorization code directly — no redirect needed.
- Zero dependencies — Pure HTML/CSS/JS, no build step, no framework. Runs entirely in the browser.
Sandbox Mode
The playground relies on Grantex’s sandbox mode. When you call POST /v1/authorize, the auth service detects that you’re using a sandbox/free-tier API key and:
- Skips the consent redirect flow
- Auto-approves the authorization request
- Returns the authorization
code directly in the response
This means you can complete the full flow without any browser redirects or user interaction — perfect for learning and testing.
Using Your Own Server
If you’re self-hosting Grantex, change the Server URL in the configuration panel to point to your own auth service instance. The playground works with any spec-compliant Grantex server.
Security Notes
- The playground uses a built-in public sandbox key by default. This key only authenticates a sandbox-mode developer with auto-approved consent, no real user data, and free-plan rate limits — it is intentionally public.
- If you use your own API key, it is never stored — it stays in browser memory only for the duration of your session.
- All API calls go directly from your browser to the Grantex auth service over HTTPS.
- The playground does not send any API key to any third-party service.
- Agents and grants created in the playground are real — you can view and manage them in your developer dashboard.
Last modified on March 5, 2026