Generate Authorization Code

API endpoint path: /v1/auth-code

Generates an OAuth 2.0 authorization code for a signed-in user and a client application. The returned authorization code can be exchanged for an access token with the OAuth V2 token endpoint using the authorization_code grant type.

Requests must use application/x-www-form-urlencoded encoding and include a valid Bearer access token in the Authorization header.

Use this endpoint to:

  • Issue an authorization code after the user has authenticated and approved access to a third-party client application.
  • Specify API and resource scopes to be bound to the resulting access token when the code is exchanged.
  • Initiate the OpenID Connect (OIDC) authorization flow by providing nonce, aud, or requested_scopes parameters in the request.
  • Obtain a short-lived authorization code and redirect_uri to complete the OAuth 2.0 authorization code grant.

Behavior and requirements:

  • The scopes parameter must be a non-empty subset of the client application's allowed-scopes Apigee attribute.
  • API and resource scopes are specified in scopes; OpenID Connect scopes (for example, openid, profile, offline_access) are specified in requested_scopes.
  • The client identified by client_id must differ from the client associated with the Bearer token; self-authorization is not permitted.

Note: Call Authorize Client first to retrieve approved scopes and authorization-flow settings for the client application.

Request

Responses

Success