Ask a user permission to use his account for your app

GET /oauth/authorize

Generate an URL for this endpoint in your app and show the page to your user in a web environment. If needed he will be asked to sign in and give your app permission to use his account for the api. When the user gave his permission we redirect back to your app (in redirect_uri) and you receive a code in the redirect URI which you can use to request an access token.

Request

Query string (URL)

Append the querystring with following properties to the URL.

A dictionary with fields

Field Type Description
response_type String String. Should be equal to 'code'
client_id ApiClient String value. The client_id of the application that is making the request. Each application has it's own unique client_id that can be obtained on request.
redirect_uri URL When the user allows or denies access to give your app access, we'll redirect the browser back to this URL and add the code and state query parameters. Please note that you need to register your redirect_uri's in our system in order for them to be used, or they will get rejected. So your redirect_uri should not change on each request.
scope ScopeList The scope parameter is a space-separated list of OAuth scopes, indicating which parts of the user's account you'd like your app to be able to access. The complete list of scopes can be found by clicking on the ScopeList type.
code_challenge String PKCE extension. BASE64-encoded string of the SHA256 hash of the code verifier (if possible, but strongly recommended). The code verifier is a cryptographically random string, generated by the client for each new authentication request, using the characters A-Z, a-z, 0-9, and the punctuation characters -._~ (hyphen, period, underscore, and tilde), between 43 and 128 characters long.
state String Optional. Recommended. To prevent CSRF attacks. Send a unique state on the client that is only known by the client and compare this state with the state returned in the redirect. If it is not the same, it should get rejected.
code_challenge_method String Optional. PKCE extension. Either plain or S256, depending on whether the challenge is the plain verifier string or the SHA256 hash of the string. If this parameter is omitted, the server will assume plain.

Example request 1

GET /oauth/authorize?response_type=code&client_id=264ade60a4ca76716a53056cecb171c027586dc722d6cf5ba40b1519de78170910d9ce0602c776f9&redirect_uri=https%3A%2F%2Fexample.com&scope=company%3Aread+company%3Awrite&code_challenge=...&state=...&code_challenge_method=S256 HTTP/1.1
Host: accounts.bakeronline.be
X-VERSION: 1.7.0
Accept-Language: en-US,en;q=0.5

Response

Example response 1

HTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8
Content-Length: 5

"..."
Version update available Please adjust your integration to the latest stable version (1.8.0)
1.7.0 stable