Get authorization code
The first step in getting access to data via Akoya is to send your user to an Akoya authorization URL. Akoya will direct your user through the account login and account authorization process and on success, will redirect them back to a URL you specify with an authorization code.
The request URL
Include the following parameters in your URL's path:
URL path parameter | Description |
Base URL | Sandbox authorization URL: {{tenant.sandboxIdpURL}}/auth |
connector | The Akoya identifier for the data provider your user will be logging in to. Akoya takes this identifier and directs the user through the appropriate FI's login flow. For sandbox testing purposes, use Mikomo |
client_id | Your application's client ID from Akoya. |
redirect_uri | The redirect URI that you registered with Akoya for that client ID. Akoya will validate that the redirect URI exactly matches the one registered, to prevent malicious redirects. |
response_type | The OAuth 2 grant type being requested. Akoya only accepts code, indicating that the application expects to receive an authorization code if successful. |
scope | Space separated values to request levels of access. Currently all are required: openid offline_access profile. |
state | Any random string generated by your application. Akoya will include this state value back to your application upon completion of the authorization request for you to validate, in order to prevent CSRF attacks. We recommend the value of state being at least 8 characters long. |
This is a browser redirect that will return an authorization code and not an API response.
Once your app receives the authorization code, you can present the code to Akoya in exchange for an ID token.
For more on the authorization request process and tokens used in the Akoya , see: "Token overview."
Build your own URL
There are minor differences between sandbox and production authorization URLs, as detailed below:
Sandbox parameter values | Production parameter values |
{{tenant.sandboxIdpURL}}/auth? | {{tenant.prodIdpURL}}/auth? |
connector=Mikomo& | connector={providerId}& |
client_id={clientId}& | client_id={clientId}& |
response_type=code& | response_type=code& |
redirect_uri={client-redirect-URL}& | redirect_uri={client-redirect-URL}& |
scope=openid profile offline_access& | scope=openid profile offline_access& |
state={state} | state={state} |
Replace CLIENT_ID in the example below and paste into a browser window.
Note: The sandbox default redirect URI is used in this example. If your app is using {{tenant.portalBaseURL}}/flow/callback you only need to replace your client id.