# OAuth2 Authentication

Set up credentials following the instructions on [Configuration](https://synconics.gitbook.io/rest-api/connection/configuration). Once you have obtained a <mark style="color:orange;">`client_id`</mark> and a <mark style="color:orange;">`client_secret`</mark> you can try out OAuth 2.0 under <mark style="color:orange;">`restapi/1.0/common/oauth2`</mark>. The flow to get authorized is as follows:

**Note**

**OAuth endpoints:**

1. [GET {your\_Odoo\_server\_url}/restapi/1.0/common/oauth2/authorize](#1.-resource-owner-authorization) (Resource Owner Authorization endpoint)
2. [POST {your\_Odoo\_server\_url}/restapi/1.0/common/oauth2/access\_token](#2.-token-credentials-request) (Token Credentials Request endpoint)

### 1. Resource Owner Authorization

User authorization through redirection. First, we will create an authorization URL from the base URL given by Odoo and the credentials previously obtained.

**`GET /restapi/1.0/common/oauth2/authorize`**

**`Request:`**

```
GET /restapi/1.0/common/oauth2/authorize HTTP/1.1
Host: {your_Odoo_server_url}
Authorization: OAuth client_id='uwCrAHAQbL7D9cvJLIztNaZ0bziEGMDh',
                     state='Y1Ux1iNPvn6KYQK5Lj84WJ9VJrQw1L',
                     redirect_uri='https%3A%2F%2F127.0.0.1%2Fcallback',
                     response_type='code'
```

**Response:**

```
HTTP/1.1 200 OK

{
  'code': 'dcee1806d2c50d0fb598',
  'state': 'Y1Ux1iNPvn6KYQK5Lj84WJ9VJrQw1L'
}
```

**Query Parameters:**

* **client\_id** – Odoo <mark style="color:orange;">`consumer key`</mark>
* **state** – Specifies any additional URL-encoded state data to be returned in the callback URL after approval.
* **redirect\_uri** – An absolute URL to which Odoo redirects the User once the User Authorization step is completed.
* **response\_type** – This must be <mark style="color:orange;">`code`</mark> for this authentication flow.

| Headers and Status Codes | Description                                                                                                                                                                                                                                                                                                                                                         |
| ------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| Request Headers          | <ul><li><a href="https://www.rfc-editor.org/rfc/rfc9110.html#name-accept">Accept</a> – the response content type depends on <em>Accept</em> header</li><li><a href="https://www.rfc-editor.org/rfc/rfc9110.html#name-authorization">Authorization</a> – The OAuth protocol parameters to authenticate.</li></ul>                                                    |
| Response Headers         | <ul><li><a href="https://www.rfc-editor.org/rfc/rfc9110.html#name-content-type">Content-Type</a> – this depends on <em>Accept</em> header of the request</li></ul>                                                                                                                                                                                                  |
| Status Codes             | <ul><li><a href="https://www.rfc-editor.org/rfc/rfc9110.html#name-200-ok">200 OK</a> – no error</li><li><a href="https://www.rfc-editor.org/rfc/rfc9110.html#name-404-not-found">404 Not Found</a> – there’s no resource</li><li><a href="https://www.rfc-editor.org/rfc/rfc9110.html#name-401-unauthorized">401 Unauthorized</a> – authentication failed</li></ul> |

### 2. Token Credentials Request

Fetch an access token from the Odoo using the authorization code obtained during user authorization.

**`POST /restapi/1.0/common/oauth2/access_token`**

**Request:**

```
POST /restapi/1.0/common/oauth2/access_token HTTP/1.1
Host: {your_Odoo_server_url}
Authorization: OAuth client_id='uwCrAHAQbL7D9cvJLIztNaZ0bziEGMDh',
                     client_secret='FtHzOQVEs0aSEL9AXuIe9k7X6E2MekU7',
                     redirect_uri='https%3A%2F%2F127.0.0.1%2Fcallback',
                     code='dcee1806d2c50d0fb598',
                     grant_type='authorization_code'
```

**Response:**

```
HTTP/1.1 200 OK

{
  'access_token': 'eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIn',
  'token_type': 'bearer',
  'access_token_validity': '7/20/2017 12:00:05',
  'refresh_token': 'ZXIiLCJnaXZlbl9uYW1lIjoiRnJhbmsifQ'
}
```

**Query Parameters:**

* **client\_id** – Odoo <mark style="color:orange;">`consumer key`</mark>
* **client\_secret** – Odoo <mark style="color:orange;">`consumer secret`</mark>
* **redirect\_uri** – An absolute URL to which Odoo redirects the User once the User Authorization step is completed. It must match the value sent in the authorization request.
* **code** – Authorization code the consumer must use to obtain access and refresh tokens.
* **grant\_type** – Value must be <mark style="color:orange;">`authorization_code`</mark> for this flow.

| Headers and Status Codes | Description                                                                                                                                                                                                                                                                                                                                                         |
| ------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| Request Headers          | <ul><li><a href="https://www.rfc-editor.org/rfc/rfc9110.html#name-accept">Accept</a> – the response content type depends on <em>Accept</em> header</li><li><a href="https://www.rfc-editor.org/rfc/rfc9110.html#name-authorization">Authorization</a> – The OAuth protocol parameters to authenticate.</li></ul>                                                    |
| Response Headers         | <ul><li><a href="https://www.rfc-editor.org/rfc/rfc9110.html#name-content-type">Content-Type</a> – this depends on <em>Accept</em> header of the request</li></ul>                                                                                                                                                                                                  |
| Status Codes             | <ul><li><a href="https://www.rfc-editor.org/rfc/rfc9110.html#name-200-ok">200 OK</a> – no error</li><li><a href="https://www.rfc-editor.org/rfc/rfc9110.html#name-404-not-found">404 Not Found</a> – there’s no resource</li><li><a href="https://www.rfc-editor.org/rfc/rfc9110.html#name-401-unauthorized">401 Unauthorized</a> – authentication failed</li></ul> |
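The two steps above as one worked client, added here as an example; it is not the Synconics module's own client code. It renders the `Authorization: OAuth ...` header in the form shown in the samples on this page, generates an unguessable `state` per authorization request and refuses any callback whose `state` it did not issue, and redeems the code with a matching `redirect_uri`. The `StandInServer` class, the `demo-client-id` / `demo-client-secret` values and the callback URL are constructed for the example so that it runs offline; they are not the real Odoo endpoints' logic or credentials.

```python
import secrets
from urllib.parse import quote, unquote

AUTHORIZE_PATH = "/restapi/1.0/common/oauth2/authorize"
TOKEN_PATH = "/restapi/1.0/common/oauth2/access_token"


def oauth_header(params):
    """Render the "Authorization: OAuth k='v', ..." header form used in the page's samples."""
    return "OAuth " + ", ".join(f"{k}='{v}'" for k, v in params.items())


def parse_oauth_header(value):
    """Parse that header form back into a dict (used here by the stand-in server)."""
    scheme, _, rest = value.partition(" ")
    if scheme != "OAuth":
        raise ValueError("unexpected authorization scheme")
    params = {}
    for part in rest.split(","):
        key, _, val = part.strip().partition("=")
        if len(val) < 2 or val[0] != "'" or val[-1] != "'":
            raise ValueError(f"malformed parameter: {key}")
        params[key] = val[1:-1]
    return params


class OAuthClient:
    """Client side of the flow: step 1 (authorize) and step 2 (access_token)."""

    def __init__(self, client_id, client_secret, redirect_uri):
        self.client_id = client_id
        self.client_secret = client_secret
        self.redirect_uri = redirect_uri
        self._pending_states = set()  # states issued but not yet seen in a callback

    def authorize_request(self):
        """Step 1: GET /authorize with a fresh random state and the encoded redirect_uri."""
        state = secrets.token_urlsafe(24)
        self._pending_states.add(state)
        header = oauth_header({"client_id": self.client_id, "state": state,
                               "redirect_uri": quote(self.redirect_uri, safe=""),
                               "response_type": "code"})
        return {"method": "GET", "path": AUTHORIZE_PATH,
                "headers": {"Accept": "application/json", "Authorization": header}}

    def handle_callback(self, body):
        """Accept the authorize response only if its state is one this client issued."""
        state = body.get("state")
        if state not in self._pending_states:
            raise PermissionError("state mismatch: response not tied to a request we made")
        self._pending_states.discard(state)  # each state is valid exactly once
        code = body.get("code")
        if not code:
            raise ValueError("authorize response carries no code")
        return code

    def token_request(self, code):
        """Step 2: POST /access_token redeeming the code with the same redirect_uri."""
        header = oauth_header({"client_id": self.client_id, "client_secret": self.client_secret,
                               "redirect_uri": quote(self.redirect_uri, safe=""),
                               "code": code, "grant_type": "authorization_code"})
        return {"method": "POST", "path": TOKEN_PATH,
                "headers": {"Accept": "application/json", "Authorization": header}}


class StandInServer:
    """Constructed stand-in for the two endpoints, just enough to exercise the client."""

    def __init__(self, clients):
        self.clients = clients  # client_id -> (client_secret, registered redirect_uri)
        self._codes = {}        # issued code -> (client_id, redirect_uri)

    def handle(self, request):
        params = parse_oauth_header(request["headers"]["Authorization"])
        registration = self.clients.get(params.get("client_id"))
        if registration is None:
            return 401, {"error": "authentication failed"}
        secret, registered_uri = registration
        redirect_uri = unquote(params.get("redirect_uri", ""))
        if redirect_uri != registered_uri:
            return 401, {"error": "redirect_uri does not match registration"}
        if request["path"] == AUTHORIZE_PATH:
            if params.get("response_type") != "code":
                return 401, {"error": "response_type must be code"}
            code = secrets.token_hex(10)
            self._codes[code] = (params["client_id"], redirect_uri)
            return 200, {"code": code, "state": params.get("state", "")}
        if request["path"] == TOKEN_PATH:
            if params.get("client_secret") != secret or params.get("grant_type") != "authorization_code":
                return 401, {"error": "authentication failed"}
            issued = self._codes.pop(params.get("code"), None)  # a code is redeemable once
            if issued != (params["client_id"], redirect_uri):
                return 401, {"error": "invalid or already-used code"}
            return 200, {"access_token": secrets.token_urlsafe(32), "token_type": "bearer",
                         "refresh_token": secrets.token_urlsafe(32)}
        return 404, {"error": "no such resource"}


def run_flow(client, server):
    """Drive both steps end to end and return the token response body."""
    status, body = server.handle(client.authorize_request())
    if status != 200:
        raise RuntimeError(f"authorize failed: {body}")
    code = client.handle_callback(body)
    status, body = server.handle(client.token_request(code))
    if status != 200:
        raise RuntimeError(f"token request failed: {body}")
    return body
```

`run_flow(OAuthClient(...), StandInServer({...}))` returns the token body; a callback carrying a `state` the client never issued raises `PermissionError`, and redeeming the same code twice is answered with 401. Store the `access_token` and `refresh_token` the way you would any bearer credential, and check `access_token_validity` before reuse.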
