Auth API
OAuth 2.0 authentication endpoints. Use these to authorize client applications, obtain consent, and exchange authorization codes for access tokens using the authorization code flow with PKCE.
List available scopes
Returns all OAuth 2.0 scopes that can be requested during authorization. Each scope grants access to a specific set of API operations. This endpoint is public and does not require authentication.
Response fields
- Name: scopes; Type: array<object>; Required: Optional; Description: The list of available OAuth scopes.
Authorize a client application
Initiates the OAuth 2.0 authorization code flow with PKCE support. Redirects the user to a consent screen if they haven't previously approved the requested scopes. If consent was already granted, immediately issues an authorization code and redirects back to the client.
Query parameters
- Name: client_id; Type: string; Required: Optional
- Name: redirect_uri; Type: string; Required: Optional
- Name: scope; Type: string; Required: Optional
- Name: state; Type: string; Required: Optional
- Name: code_challenge; Type: string; Required: Optional
- Name: code_challenge_method; Type: string; Required: Optional
Submit user consent decision
Submits the user's consent decision for the requested scopes. If approved, redirects to the client's redirect_uri with an authorization code. If denied, redirects with an error parameter.
Request body
- Name: client_id; Type: string; Required: Optional
- Name: redirect_uri; Type: string; Required: Optional
- Name: scope; Type: string; Required: Optional
- Name: state; Type: string; Required: Optional
- Name: code_challenge; Type: string; Required: Optional
- Name: code_challenge_method; Type: string; Required: Optional
- Name: decision; Type: string; Required: Optional
Error responses
- Name: 400; Type: error; Description: Invalid request parameters or body
Exchange authorization code for access token
Exchanges an authorization code for an access token using the OAuth 2.0 token endpoint. Requires client_id, client_secret, the authorization code, and the redirect_uri used during authorization. If PKCE was used during authorization, the code_verifier must also be provided.
Request body
- Name: client_id; Type: string; Required: Optional
- Name: client_secret; Type: string; Required: Optional
- Name: redirect_uri; Type: string; Required: Optional
- Name: code; Type: string; Required: Optional
- Name: code_verifier; Type: string; Required: Optional
- Name: grant_type; Type: string; Required: Optional
Response fields
- Name: access_token; Type: string; Required: Optional; Description: The access token string used to authenticate API requests.
- Name: token_type; Type: string; Required: Optional; Description: The type of token issued (e.g. "Bearer").
- Name: scope; Type: string; Required: Optional; Description: The scope of access granted by the token.
Error responses
- Name: 400; Type: error; Description: Invalid request parameters or body
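
Client-side handling of the authorize and token exchange parameters listed above, as an added example that is not part of this API's own documentation. It shows how code_challenge is derived from code_verifier, how state is checked on the redirect, and which values must be carried over to the token request. Assumptions: the endpoint URL is a placeholder, and the "S256" method, the "authorization_code" grant type and the code/state/error redirect parameter names are taken from RFC 7636 and RFC 6749, not from this page.

```python
import base64
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Placeholder: the page does not give the authorize endpoint URL.
AUTHORIZE_URL = "https://auth.example.invalid/oauth/authorize"

def challenge_for(verifier: str) -> str:
    """S256 transform from RFC 7636: BASE64URL(SHA256(verifier)), no padding."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")

def build_authorize_url(client_id: str, redirect_uri: str, scope: str):
    """Return (url, session); session is kept by the client, never sent in the URL."""
    verifier = secrets.token_urlsafe(32)   # 43 chars, inside RFC 7636's 43-128 range
    state = secrets.token_urlsafe(24)      # unguessable, bound to this attempt
    query = urlencode({
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": scope,
        "state": state,
        "code_challenge": challenge_for(verifier),
        "code_challenge_method": "S256",   # RFC 7636 value; assumed supported here
    })
    return f"{AUTHORIZE_URL}?{query}", {"state": state, "code_verifier": verifier}

def handle_callback(callback_url: str, session: dict) -> str:
    """Check state before trusting anything else in the redirect, then return the code."""
    params = parse_qs(urlparse(callback_url).query)
    returned = params.get("state", [""])[0]
    if not hmac.compare_digest(returned.encode(), session["state"].encode()):
        raise ValueError("state mismatch: response is not for this session")
    if "error" in params:                  # RFC 6749 name for the denial parameter
        raise ValueError(f"authorization failed: {params['error'][0]}")
    if "code" not in params:
        raise ValueError("no authorization code in redirect")
    return params["code"][0]

def token_request_body(client_id, client_secret, redirect_uri, code, session):
    """Fields for the token exchange; redirect_uri must match the authorize call."""
    return {
        "grant_type": "authorization_code",  # RFC 6749 value
        "client_id": client_id,
        "client_secret": client_secret,
        "redirect_uri": redirect_uri,
        "code": code,
        "code_verifier": session["code_verifier"],
    }
```

Only the challenge travels through the browser; the verifier leaves the client for the first time in the token request, so an authorization code intercepted on the redirect cannot be redeemed without it.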