API Reference
O Auth
OAuth 2.0 authentication flow
GET
/oauth/authorizeStart OAuth Authorization
Start the OAuth 2.0 authorization code flow. Redirect users to this endpoint
to request permission to make payments on their behalf.
query parameters
| Name | Type | Description |
|---|---|---|
| client_id* | string | Your application identifier example: "my-app" |
| redirect_uri* | string<uri> | URL to redirect after authorization |
| state* | string | CSRF protection token (returned unchanged) |
| scope | string default: "payments:sign balance:read" | Space-separated scopes |
| response_type* | "code" | Must be "code" |
| code_challenge | string | PKCE code challenge (recommended) |
| code_challenge_method | "S256" default: "S256" | PKCE method |
| prompt | "none" | "consent" | "login" | Controls consent behavior: - `none`: Silent auth only (error if consent needed) - `consent`: Force consent screen - `login`: Force re-authentication |
Responses
302Redirect to consent page or callback
400Invalid request parameters
Example (cURL)
curl -X GET 'https://api.agnic.ai/oauth/authorize?client_id=my-app&redirect_uri=%3Cvalue%3E&state=%3Cvalue%3E&response_type=%3Cvalue%3E' \
-H 'X-Agnic-Token: YOUR_TOKEN'POST
/oauth/tokenExchange Tokens
Exchange authorization code for access token, or refresh an access token.
Request body *
oneOf
| Field | Type | Description |
|---|---|---|
| grant_type* | "authorization_code" | |
| code* | string | |
| redirect_uri* | string<uri> | |
| client_id* | string | |
| code_verifier | string | PKCE code verifier |
| Field | Type | Description |
|---|---|---|
| grant_type* | "refresh_token" | |
| refresh_token* | string |
Responses
200Tokens issued successfully
| Field | Type | Description |
|---|---|---|
| access_token | string | |
| refresh_token | string | |
| token_type | string | example: "Bearer" |
| expires_in | integer | Seconds until expiration |
| scope | string |
400Invalid grant
Example (cURL)
curl -X POST 'https://api.agnic.ai/oauth/token' \
-H 'X-Agnic-Token: YOUR_TOKEN' \
-H 'Content-Type: application/json' \
-d '{"key":"value"}'GET
/.well-known/oauth-authorization-serverOAuth Server Metadata
OAuth 2.0 Authorization Server Metadata (RFC 8414)
Responses
200Server metadata
| Field | Type | Description |
|---|---|---|
| issuer | string | |
| authorization_endpoint | string | |
| token_endpoint | string | |
| scopes_supported | string[] | show nested schemaarray of string |
| response_types_supported | string[] | show nested schemaarray of string |
| grant_types_supported | string[] | show nested schemaarray of string |
Example (cURL)
curl -X GET 'https://api.agnic.ai/.well-known/oauth-authorization-server' \
-H 'X-Agnic-Token: YOUR_TOKEN'