PingOne Platform APIs

Step 4: Send an authorization request

GET {{authPath}}/{{envID}}/as/authorize?response_type=code&client_id={{solutionAppID}}&redirect_uri=http://localhost:3000/callback&scope=openid&response_mode=pi.flow

Use the GET {{authPath}}/{{envID}}/as/authorize operation to send an authorization request to the PingOne authorization server. This step queries the authorization server, and returns the flow ID as the id property in the response. You’ll use this flow ID in Step 5 to start the sign-on flow and submit your test user’s credentials.

In this request:

  • {{authPath}} is the geographic regional domain to use for authentication and authorization for your PingOne environment. The PingOne top-level domain is https://auth.pingone.com/ for the U.S. Refer to PingOne API domains for the top-level domains for other regions.

  • {{envID}} is the environment ID for the environment you created in the prior workflow to create your test environment.

These request query parameters are required:

  • response_type needs a value of code to correspond to the responseTypes value you set when creating the Web application in a prior step.

  • client_id is the application ID returned when you created the Web application in a prior step. This is represented by the value of the {{solutionAppID}} Postman variable written automatically to your Postman environment.

  • redirect_uri is one of the redirect URIs that you set when you created the Web application in a prior step.

  • response_mode directs the authorization server to return a JSON response instead of a redirect.

  • scope needs to be the OpenID Connect (OIDC) openid user claim that will be included in the token.

When successful, the request returns JSON that includes a flow ID and a status property to specify the next action in the sign-on flow. In this case, the flow status returns USERNAME_PASSWORD_REQUIRED.

Troubleshooting

  • Verify that {{envID}} is the ID for the new test environment you created.

  • Verify that you’ve set the variables used in the request body correctly.

  • Verify that {{authPath}} is correct for your geographic region.

Example Request

  • cURL

  • C#

  • Go

  • HTTP

  • Java

  • jQuery

  • NodeJS

  • Python

  • PHP

  • Ruby

  • Swift

curl --location --globoff '{{authPath}}/{{envID}}/as/authorize?response_type=code&client_id={{solutionAppID}}&redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Fcallback&scope=openid&response_mode=pi.flow'
var options = new RestClientOptions("{{authPath}}/{{envID}}/as/authorize?response_type=code&client_id={{solutionAppID}}&redirect_uri=http://localhost:3000/callback&scope=openid&response_mode=pi.flow")
{
  MaxTimeout = -1,
};
var client = new RestClient(options);
var request = new RestRequest("", Method.Get);
RestResponse response = await client.ExecuteAsync(request);
Console.WriteLine(response.Content);
package main

import (
  "fmt"
  "net/http"
  "io"
)

func main() {

  url := "{{authPath}}/{{envID}}/as/authorize?response_type=code&client_id={{solutionAppID}}&redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Fcallback&scope=openid&response_mode=pi.flow"
  method := "GET"

  client := &http.Client {
  }
  req, err := http.NewRequest(method, url, nil)

  if err != nil {
    fmt.Println(err)
    return
  }
  res, err := client.Do(req)
  if err != nil {
    fmt.Println(err)
    return
  }
  defer res.Body.Close()

  body, err := io.ReadAll(res.Body)
  if err != nil {
    fmt.Println(err)
    return
  }
  fmt.Println(string(body))
}
GET /{{envID}}/as/authorize?response_type=code&client_id={{solutionAppID}}&redirect_uri=http://localhost:3000/callback&scope=openid&response_mode=pi.flow HTTP/1.1
Host: {{authPath}}
OkHttpClient client = new OkHttpClient().newBuilder()
  .build();
MediaType mediaType = MediaType.parse("text/plain");
RequestBody body = RequestBody.create(mediaType, "");
Request request = new Request.Builder()
  .url("{{authPath}}/{{envID}}/as/authorize?response_type=code&client_id={{solutionAppID}}&redirect_uri=http://localhost:3000/callback&scope=openid&response_mode=pi.flow")
  .method("GET", body)
  .build();
Response response = client.newCall(request).execute();
var settings = {
  "url": "{{authPath}}/{{envID}}/as/authorize?response_type=code&client_id={{solutionAppID}}&redirect_uri=http://localhost:3000/callback&scope=openid&response_mode=pi.flow",
  "method": "GET",
  "timeout": 0,
};

$.ajax(settings).done(function (response) {
  console.log(response);
});
var request = require('request');
var options = {
  'method': 'GET',
  'url': '{{authPath}}/{{envID}}/as/authorize?response_type=code&client_id={{solutionAppID}}&redirect_uri=http://localhost:3000/callback&scope=openid&response_mode=pi.flow',
  'headers': {
  }
};
request(options, function (error, response) {
  if (error) throw new Error(error);
  console.log(response.body);
});
import requests

url = "{{authPath}}/{{envID}}/as/authorize?response_type=code&client_id={{solutionAppID}}&redirect_uri=http://localhost:3000/callback&scope=openid&response_mode=pi.flow"

payload = {}
headers = {}

response = requests.request("GET", url, headers=headers, data=payload)

print(response.text)
<?php
require_once 'HTTP/Request2.php';
$request = new HTTP_Request2();
$request->setUrl('{{authPath}}/{{envID}}/as/authorize?response_type=code&client_id={{solutionAppID}}&redirect_uri=http://localhost:3000/callback&scope=openid&response_mode=pi.flow');
$request->setMethod(HTTP_Request2::METHOD_GET);
$request->setConfig(array(
  'follow_redirects' => TRUE
));
try {
  $response = $request->send();
  if ($response->getStatus() == 200) {
    echo $response->getBody();
  }
  else {
    echo 'Unexpected HTTP status: ' . $response->getStatus() . ' ' .
    $response->getReasonPhrase();
  }
}
catch(HTTP_Request2_Exception $e) {
  echo 'Error: ' . $e->getMessage();
}
require "uri"
require "net/http"

url = URI("{{authPath}}/{{envID}}/as/authorize?response_type=code&client_id={{solutionAppID}}&redirect_uri=http://localhost:3000/callback&scope=openid&response_mode=pi.flow")

http = Net::HTTP.new(url.host, url.port);
request = Net::HTTP::Get.new(url)

response = http.request(request)
puts response.read_body
var request = URLRequest(url: URL(string: "{{authPath}}/{{envID}}/as/authorize?response_type=code&client_id={{solutionAppID}}&redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Fcallback&scope=openid&response_mode=pi.flow")!,timeoutInterval: Double.infinity)
request.httpMethod = "GET"

let task = URLSession.shared.dataTask(with: request) { data, response, error in
  guard let data = data else {
    print(String(describing: error))
    return
  }
  print(String(data: data, encoding: .utf8)!)
}

task.resume()

Example Response

200 OK

{
    "_links": {
        "usernamePassword.check": {
            "href": "https://auth.pingone.com/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/flows/03c69293-8ec6-4f4a-a60f-535eae4b7520"
        },
        "password.forgot": {
            "href": "https://auth.pingone.com/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/flows/03c69293-8ec6-4f4a-a60f-535eae4b7520"
        },
        "self": {
            "href": "https://auth.pingone.com/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/flows/03c69293-8ec6-4f4a-a60f-535eae4b7520"
        },
        "signOnPage": {
            "href": "https://apps.pingone.com/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/signon/?flowId=03c69293-8ec6-4f4a-a60f-535eae4b7520"
        }
    },
    "_embedded": {
        "application": {
            "name": "SolutionApp_1768234372"
        }
    },
    "id": "03c69293-8ec6-4f4a-a60f-535eae4b7520",
    "environment": {
        "id": "abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6"
    },
    "resumeUrl": "https://auth.pingone.com/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/as/resume?flowId=03c69293-8ec6-4f4a-a60f-535eae4b7520",
    "status": "USERNAME_PASSWORD_REQUIRED",
    "createdAt": "2026-01-16T17:38:05.995Z",
    "expiresAt": "2026-01-16T17:53:05.996Z"
}