Step 2: Authorization Request

Learn how to request authorization using the specified parameters and how to handle the different scenarios that follow the request.

As a customer, the next step is to request an authorization code using the client_id, response_type, redirect_uri, scope and state parameters.

This can be done by redirecting the user to the following URL with client-specific details (replace {client_id} with the client_id received in Step 1):

{OAUTH_URL}/v1/oauth/authorize?client_id={client_id}&response_type=code&redirect_uri={client_redirect_url}&scope=plum_pro_api&state={client_state}

The parameters associated with this URL are described below:

| Parameter Name | Description |
| --- | --- |
| OAUTH_URL (required) | URL used to post the authorization code which is then exchanged for an access token |
| client_id (required) | The unique client ID received post registration |
| response_type (required) | Xoxoday supports code as the response type; replace response_type with code |
| redirect_uri (required) | Unique company URL shared in Step 1 to receive client ID and secret |
| scope (required) | plum_pro_api |
| state (optional, recommended) | Sent back as a URL parameter, along with the access code, when we redirect back to your redirect URI |

Based on the parameters defined in the redirect URL, two scenarios can occur:

1. The user is redirected to the authorization consent page, as shown below:

This page appears if all parameters in the redirection URL are valid and the user is authenticated. If the user clicks Allow, they will be redirected to the following URL:

{client_redirect_url}?code=exxxx69660xxxxa6413c17d897xxxxx99&state={client_state}

If the user denies access, we will redirect to the following URL:

{client_redirect_url}?error=access_denied&error_description=The+user+denied+the+request&state={client_state}

The parameters associated with the above two URLs are described below:

| Parameter Name | Description |
| --- | --- |
| client_redirect_url | Same as the redirect URI shared in Step 1 |
| code | Temporary token created when the client is allowed access; valid for 5 minutes |
| client_state | Same as given in Step 2 |
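The client side of this step, as an added example that is not Xoxoday's own code: it builds the authorization URL with an unguessable state and then validates the redirect for both the allow and the deny outcome. OAUTH_URL, CLIENT_ID and REDIRECT_URI are assumed placeholder values, and the function names are hypothetical.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

# Assumed placeholder values; substitute the ones issued in Step 1.
OAUTH_URL = "https://oauth.example.invalid"
CLIENT_ID = "example-client-id"
REDIRECT_URI = "https://client.example.invalid/callback"


def build_authorize_url(state=None):
    """Return (url, state). Store the state in the user's session."""
    state = state or secrets.token_urlsafe(32)  # unguessable, one per request
    query = urlencode({
        "client_id": CLIENT_ID,
        "response_type": "code",
        "redirect_uri": REDIRECT_URI,
        "scope": "plum_pro_api",
        "state": state,
    })
    return f"{OAUTH_URL}/v1/oauth/authorize?{query}", state


def handle_callback(callback_url, expected_state):
    """Validate the redirect to redirect_uri and return the authorization code."""
    params = parse_qs(urlsplit(callback_url).query)
    # Reject duplicated parameters rather than silently picking one of them.
    if any(len(values) != 1 for values in params.values()):
        raise ValueError("duplicated query parameter")
    params = {key: values[0] for key, values in params.items()}
    # Check state before looking at code or error: a mismatch means the
    # response does not belong to a request this session started.
    returned_state = params.get("state", "")
    if not hmac.compare_digest(returned_state.encode(), expected_state.encode()):
        raise ValueError("state mismatch")
    if "error" in params:
        detail = params.get("error_description", "")
        raise PermissionError(f"{params['error']}: {detail}")
    if not params.get("code"):
        raise ValueError("no authorization code in callback")
    return params["code"]  # valid for 5 minutes, so exchange it promptly
```
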

2. The user lands on the login/signup page shown below: