Start OAuth2 web flow

get

https://oauth2.mercury.com/oauth2/auth

Initiates the OAuth2 authorization flow. Redirects the user to Mercury's consent page.

Query Params

client_id

string

required

The client ID you received from Mercury when you registered the client.

redirect_uri

string

required

The URL in your application where users will be sent after authorization. Must match one of the URLs registered with the client.

scope

string

A space-separated list of scopes that your client requests.

state

string

An unguessable random string, at least 8 characters long, used to protect against cross-site request forgery attacks.

response_type

string

required

Tells the authorization server which type of grant to execute. Must have value "code".

code_challenge

string

Required for clients with PKCE flow. Base64-URL-encoded string of the SHA256 hash of the code verifier.

code_challenge_method

string

Required for clients with PKCE flow. Must have value S256, the SHA256 function used to hash the code challenge.

Responses

400

Invalid code_challenge_method or code_challenge or response_type or state or scope or redirect_uri or client_id

Language

Response

Click Try It! to start a request and see the response here!

302