Requesting the Authorization Code

Get OAuth 2.0 Authorization Code

Once your application has been registered and you’ve obtained the Client ID, the next step is to request an authorization code. This code is a temporary credential that you will later exchange for an access token.

This step is executed directly by the third-party system via an HTTP GET request to Evia Sign’s authorization endpoint.

Authorization Code Request URL

GET /_apis/falcon/auth/oauth2/authorize

Initiates the OAuth 2.0 Authorization Code Flow.

This endpoint is used to request an authorization code by passing your application's credentials and configuration details as query parameters. The response will redirect to your registered redirect_url with an authorization code that can be used to request an access token.

Required Query Parameters

| Parameter | Required | Description |
| --- | --- | --- |
| application_state | ✅ Yes | Static value, typically set to external for external integrations. |
| resource | ✅ Yes | The resource type being accessed; usually RESOURCE_APPLICATION. |
| client_id | ✅ Yes | Your application's unique Client ID received during app registration. |
| scope | ✅ Yes | The permission scope being requested (e.g., Sign Falcon Licensing). |
| response_type | ✅ Yes | Must be set to code to receive an authorization code. |

Example Authorization URL

http://evia.enadocapp.com/_apis/falcon/auth/oauth2/authorize?
application_state=external&
resource=RESOURCE_APPLICATION&
client_id=YOUR_CLIENT_ID&
scope=Sign%20Falcon%20Licensing&
response_type=code

How It Works

  1. Build the URL using your client_id, desired scope, and other parameters.

  2. Send the request using a server-side GET call to the authorization URL.

  3. If the request is valid, Evia Sign redirects to the redirect_url you provided, with the authorization code appended to the URL as a query parameter.

Example Redirect Response

If the request is successful, the user is redirected to your application’s callback URL:

?code=received-auth-code

Your application must extract the code parameter from this URL. This code is then used in the next step (token exchange) to receive an access token.
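The following is an added example, not code from Evia Sign: it builds the authorization URL from the parameters documented on this page and extracts the code from the callback, rejecting callbacks that do not arrive on the expected redirect URL or that carry a missing or repeated code parameter. The function names and the callback address app.example.test are assumptions made for illustration.

```python
from urllib.parse import urlencode, quote, urlsplit, parse_qs

# Endpoint and parameter names are taken from this page.
AUTHORIZE_ENDPOINT = "http://evia.enadocapp.com/_apis/falcon/auth/oauth2/authorize"


def build_authorize_url(client_id, scope="Sign Falcon Licensing"):
    """Return the authorization URL with every value percent-encoded."""
    if not client_id:
        raise ValueError("client_id is required")
    params = {
        "application_state": "external",
        "resource": "RESOURCE_APPLICATION",
        "client_id": client_id,
        "scope": scope,
        "response_type": "code",
    }
    # quote_via=quote encodes spaces as %20, matching the example URL above.
    return AUTHORIZE_ENDPOINT + "?" + urlencode(params, quote_via=quote)


def extract_code(callback_url, registered_redirect_url):
    """Return the code from a callback URL, or raise ValueError."""
    got, want = urlsplit(callback_url), urlsplit(registered_redirect_url)
    # Only accept callbacks that arrive on the registered redirect URL.
    if (got.scheme, got.netloc, got.path) != (want.scheme, want.netloc, want.path):
        raise ValueError("callback does not match the registered redirect URL")
    values = parse_qs(got.query, keep_blank_values=True).get("code", [])
    # Exactly one non-empty code: a repeated parameter is ambiguous, so reject it.
    if len(values) != 1 or not values[0]:
        raise ValueError("expected exactly one non-empty code parameter")
    return values[0]


if __name__ == "__main__":
    # Constructed sample values (hypothetical callback host), not real credentials.
    redirect = "https://app.example.test/oauth/callback"
    print(build_authorize_url("YOUR_CLIENT_ID"))
    print(extract_code(redirect + "?code=received-auth-code", redirect))
```
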
