Step 2: Obtain Authorization Code

To use the Nxsys API, users must authenticate every API call by providing an access token.

The access token, in turn, must be obtained from a grant token (authorization code). The Nxsys APIs use the authorization code grant type to provide access to protected resources.

Prerequisites

  • Client ID
  • Client Secret
  • Redirect URI
If you don't have a client ID, client secret, and redirect URI, you can create a client application in the Nxsys Admin.
Create a Client Application

Steps

  1. Construct the Authorization URL
    Create a URL with the following parameters:
    {{nxsys_base_url}}/oauth/authorize?
      responseType=code&
      clientId=YOUR_CLIENT_ID&
      redirectUri=YOUR_REDIRECT_URI&
      state=RANDOM_STATE_STRING
    

    Replace the placeholders with your actual values.
    Parameter      Description
    responseType   Must be set to code for the authorization code flow
    clientId       Your application's client ID obtained during client application creation
    redirectUri    The URL where the user will be redirected after authorization
    state          A random string to maintain state between the request and callback
  2. Redirect the User
    Direct the user to this URL. They will be prompted to log in and authorize your application.
  3. Handle the Callback
    After authorization, the user will be redirected to your redirectUri with a code parameter:
    https://your-redirect-uri.com/callback?code=AUTHORIZATION_CODE&state=RANDOM_STATE_STRING
    
  4. Verify the State
    Ensure the state parameter matches the one you sent in step 1 to prevent CSRF attacks.
  5. Extract the Authorization Code
    The code parameter in the URL is your authorization code.
The authorization code is short-lived and can only be used once. Typically, it expires after 10 minutes.
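
Steps 1 and 3 to 5 as a Python sketch. This is an added example, not Nxsys's own code; the `NXSYS_BASE_URL` value, the dict standing in for a server-side user session, and the function names are assumptions.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

# Assumed placeholder values; replace with your own.
NXSYS_BASE_URL = "https://nxsys.example"  # stands in for {{nxsys_base_url}}
CLIENT_ID = "YOUR_CLIENT_ID"
REDIRECT_URI = "https://your-redirect-uri.com/callback"


def build_authorization_url(session: dict) -> str:
    """Step 1: build the URL and bind a fresh state value to the user's session."""
    state = secrets.token_urlsafe(32)  # unpredictable value from the OS CSPRNG
    session["oauth_state"] = state
    query = urlencode({
        "responseType": "code",
        "clientId": CLIENT_ID,
        "redirectUri": REDIRECT_URI,
        "state": state,
    })
    return f"{NXSYS_BASE_URL}/oauth/authorize?{query}"


def handle_callback(callback_url: str, session: dict) -> str:
    """Steps 3-5: verify the state, then return the authorization code."""
    params = parse_qs(urlparse(callback_url).query)
    # pop() makes the stored state single-use, so a replayed callback fails.
    expected = session.pop("oauth_state", None)
    received = params.get("state", [""])
    codes = params.get("code", [])
    if expected is None or len(received) != 1:
        raise ValueError("state missing or repeated")
    # Constant-time comparison of the stored and returned state values.
    if not hmac.compare_digest(expected.encode(), received[0].encode()):
        raise ValueError("state mismatch")
    if len(codes) != 1 or not codes[0]:
        raise ValueError("code missing or repeated")
    return codes[0]
```

Reject the callback outright on any `ValueError` rather than falling back to a default; the state is only meaningful when it is stored per user session on the server side.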

Next, you'll exchange this authorization code for an access token.
