Step One – Obtain Authorization Code
Redirect the user to the authorize endpoint oauth/v2/authorize:
(note that the query has been wrapped for legibility)
The user will be prompted to login. Once they do, Be1First will redirect back to the URL specified in redirect_uri with a code appended to the query.
It may look something like: https://your-redirect-uri.com?code=UNIQUE_CODE_STRING&state=UNIQUE_STATE_STRING
The state returned should be compared against the original to ensure nothing has been tampered with.
Step Two – Replace with an Access Token
Obtain the value of the code from Step One then immediately POST it back to the access token endpoint oauth/v2/token with:
(note that the post body has been wrapped for legibility)
The response returned should be a JSON encoded string:
This data should be stored in a secure location and used to authenticate API requests.