
Authorization Code Grant

The OAuth 2.0 standard is specified in The OAuth 2.0 Authorization Framework (RFC 6749).

1. Login

Returns the login page where the user authenticates.

Endpoint:
GET /{langCode}/auth

Headers:
Content-Type:application/x-www-form-urlencoded

Query: 
response_type=code
client_id={app’s client_id}
redirect_uri={redirect uri}
theme={dark|red|light|accessibility|any other theme from myq}

The "scope" parameter must be present when requesting the authorization code from the server; otherwise the later request for a token ends with "invalid parameter".

2. Receiving the one-time access code

After the login process is completed, the server redirects the user to the provided redirect_uri with the generated access code included as a URL parameter.

Endpoint:
HTTP/1.1 302 Found
Headers:
Location: {redirect_uri}

Query: 
code={generated one time access code}

3. Retrieving an access token

Authentication token endpoint: POST /api/auth/token

If authentication succeeds, you receive an access token that must be provided to every other API endpoint. The "scope" parameter is not required here and is ignored. The "redirect_uri" parameter is required and must match the "redirect_uri" from the authorization request.

Example Request

Endpoint:
POST /api/auth/token

Headers:
Content-Type:application/json

Query:
grant_type="authorization_code"
client_id={app client_id}
client_secret={app secret}
code={generated one time access code}
redirect_uri={redirect_uri}

Example Response

{
	"access_token": "{your_bearer_token}",
	"token_type": "Bearer",
	"expires_in": 1800,
	"scope": "{granted scopes}"
}
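
The three steps above seen from the client application, as an added example that is not part of the original documentation. The server address, redirect URI, language code, scope value and function names are assumptions; it also assumes the token parameters are sent as a JSON body (the page shows Content-Type: application/json) and that a failed authorization returns the RFC 6749 `error` parameter.

```python
import json
from urllib.parse import urlencode, urlsplit, parse_qs

BASE = "https://myq.example.test"                   # hypothetical server address
REDIRECT_URI = "https://app.example.test/callback"  # hypothetical registered redirect URI


def build_auth_url(client_id, scope, lang="en", theme="light"):
    """Step 1: login URL. 'scope' must be present or the token request fails later."""
    if not scope:
        raise ValueError("scope must be present in the authorization request")
    query = urlencode({
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": REDIRECT_URI,
        "scope": scope,
        "theme": theme,
    })
    return f"{BASE}/{lang}/auth?{query}"


def extract_code(callback_url):
    """Step 2: read the one-time code from the redirect, rejecting anything unexpected."""
    parts = urlsplit(callback_url)
    expected = urlsplit(REDIRECT_URI)
    if (parts.scheme, parts.netloc, parts.path) != (expected.scheme, expected.netloc, expected.path):
        raise ValueError("callback does not match the registered redirect_uri")
    params = parse_qs(parts.query)
    if "error" in params:  # RFC 6749 section 4.1.2.1 error response (assumed to apply)
        raise ValueError(f"authorization failed: {params['error'][0]}")
    codes = params.get("code", [])
    if len(codes) != 1:
        raise ValueError("expected exactly one 'code' parameter")
    return codes[0]


def build_token_request(code, client_id, client_secret):
    """Step 3: body for POST /api/auth/token; redirect_uri must equal the one from step 1."""
    return json.dumps({
        "grant_type": "authorization_code",
        "client_id": client_id,
        "client_secret": client_secret,
        "code": code,
        "redirect_uri": REDIRECT_URI,
    })
```

Because the code is one-time and the client_secret travels in the token request, step 3 belongs on the application's back end, not in a browser or mobile client.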