# Requesting the Authorization Code

## Get OAuth 2.0 Authorization Code

Once your application has been registered and you’ve obtained the **Client ID**, the next step is to request an **authorization code**. This code is a temporary credential that you will later exchange for an access token.

This step is executed directly by the third-party system via an HTTP `GET` request to Evia Sign’s authorization endpoint.

### Authorization Code Request URL

<mark style="color:green;">`GET`</mark> `/_apis/falcon/auth/oauth2/authorize`

Initiates the OAuth 2.0 Authorization Code Flow.&#x20;

This endpoint is used to request an authorization code by passing your application's credentials and configuration details as query parameters. The response will redirect to your registered `redirect_url` with an authorization code that can be used to request an access token.

### Required Query Parameters

| Parameter           | Required | Description                                                               |
| ------------------- | -------- | ------------------------------------------------------------------------- |
| `application_state` | ✅ Yes    | Static value, typically set to `external` for external integrations.      |
| `resource`          | ✅ Yes    | The resource type being accessed; usually `RESOURCE_APPLICATION`.         |
| `client_id`         | ✅ Yes    | Your application's unique **Client ID** received during app registration. |
| `scope`             | ✅ Yes    | The permission scope being requested (e.g., `Sign Falcon Licensing`).     |
| `response_type`     | ✅ Yes    | Must be set to `code` to receive an authorization code.                   |

### Example Authorization URL

```http
http://evia.enadocapp.com/_apis/falcon/auth/oauth2/authorize?
application_state=external&
resource=RESOURCE_APPLICATION&
client_id=YOUR_CLIENT_ID&
scope=Sign%20Falcon%20Licensing&
response_type=code
```

### How It Works

1. **Build the URL** using your `client_id`, desired `scope`, and other parameters.
2. **Send the request** using a server-side `GET` call to the authorization URL.
3. If the request is valid, Evia Sign will **redirect** the response to your provided `redirect_url`, appending the **authorization code** in the URL.

### Example Redirect Response

If the request is successful, the user is redirected to your application’s callback URL:

```json
?code=received-auth-code
```

Your application must **extract the `code` parameter** from this URL. This `code` is then used in the next step (token exchange) to receive an access token.