Description and Details
This API endpoint is used in the OAuth 2.0 Authorization Code flow. It allows the user to authorize a specific access consent using a one-time password (OTP). Once authorized, the authorization server issues an authorization code, which can be exchanged for an access token. This flow ensures that the user has explicitly approved third-party access to their account data or functionality.
Endpoint
https://api-dev-isolution.xyz/opentest/authorize
HTTP Method
GET
Request Headers
| Header Key | Value | Required | Description |
|---|---|---|---|
| Content-Type | application/json | Optional | Indicates the content type (usually not needed for GET requests) |
| Accept | application/json | Optional | Expected response format |
| User-Agent | Custom string | Optional | Browser or client information (set by default in browsers) |
Body Request Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
| client_id | string | Yes | The registered application's client ID |
| state | string | Yes | A unique value to maintain session state and prevent CSRF |
| redirect_uri | string | Yes | The URI to which the user will be redirected after approval |
| response_type | string | Yes | Should be code (for authorization code flow) |
| scope | string | Yes | Defines the level of access requested (e.g., read) |
| consent_id | string | Yes | The unique identifier of the user's access consent |
| otp | string | Yes | The one-time password used to validate the user session |
Response Parameters
| Parameter | Type | Description |
|---|---|---|
| code | string | Authorization code issued by the authorization server. Used to request an access token. |
| state | string | The same state value sent in the request. Used to maintain session integrity. |
HTTP Codes
| Code | Meaning |
|---|---|
| 302 | Found – Redirect to redirect_uri with code |
| 400 | Bad Request – Missing or invalid parameters |
| 401 | Unauthorized – Invalid OTP or expired consent |
| 403 | Forbidden – Consent not permitted |
| 500 | Internal Server Error |
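Client-side handling of the request and the 302 redirect described above, as an added example that is not part of the original documentation or the API provider's code. The function names and the sample client values are hypothetical, and the example assumes the parameters are sent in the query string because the method is GET.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

AUTHORIZE_URL = "https://api-dev-isolution.xyz/opentest/authorize"  # endpoint from this page


def build_authorize_request(client_id, redirect_uri, scope, consent_id, otp):
    """Return (url, state). The caller stores state in the user's session."""
    state = secrets.token_urlsafe(32)  # unguessable, fresh for every request
    params = {
        "client_id": client_id,
        "state": state,
        "redirect_uri": redirect_uri,
        "response_type": "code",
        "scope": scope,
        "consent_id": consent_id,
        "otp": otp,
    }
    # Assumption: parameters travel in the query string, since the method is GET.
    return AUTHORIZE_URL + "?" + urlencode(params), state


def parse_callback(callback_url, expected_redirect_uri, expected_state):
    """Validate the redirect target and return the code, or raise ValueError."""
    got = urlsplit(callback_url)
    want = urlsplit(expected_redirect_uri)
    if (got.scheme, got.netloc, got.path) != (want.scheme, want.netloc, want.path):
        raise ValueError("callback does not match the registered redirect_uri")
    query = parse_qs(got.query)  # blank values are dropped, so "code=" counts as missing
    states = query.get("state", [])
    codes = query.get("code", [])
    # Exactly one of each: duplicated parameters are rejected, not guessed at.
    if len(states) != 1 or len(codes) != 1:
        raise ValueError("callback must carry exactly one code and one state")
    # Constant-time comparison against the value stored for this session.
    if not hmac.compare_digest(states[0].encode(), expected_state.encode()):
        raise ValueError("state mismatch: possible CSRF, discard the code")
    return codes[0]
```

A code that arrives with a missing, duplicated or mismatched state is discarded and never exchanged for a token.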