Skip to main content

Frequently Asked Questions

This FAQ answers common questions developers have when working with Quran.Foundation APIs.

Why should I block automatic translation on Quran text returned by the API?โ€‹

The API already delivers peer-reviewed translations. Auto-translating them can distort meaning and create theological inaccuracies. Disable auto-translation using the HTML/CSP techniques linked in the Quick Start guide.

How do I obtain OAuth2 credentials?โ€‹

Submit an application to receive your client_id and client_secret. These credentials let you request authorization tokens for accessing user data.

What is the difference between Content APIs and User-related APIs?โ€‹

Content APIs provide read-only access to Quran data such as chapters, verses, recitations and translations. User-related APIs manage data tied to a specific Quran.Foundation account like bookmarks and notes.

How do I use x-auth-token and x-client-id headers?โ€‹

Include your OAuth2 access token in the x-auth-token header and your client ID in the x-client-id header when calling authenticated endpoints.

What are the best practices for refresh tokens?โ€‹

Store refresh tokens securely and reuse them until they expire. Refresh tokens allow you to obtain new access tokens without asking the user to re-authorize.

Can I use the demo credentials quran-demo/secret in production?โ€‹

No. These demo credentials are for testing only and should not be used in production applications.