Authorization Endpoint

User authorization.

The redirect URI includes three query parameters (code, scope, and state), which are explained in User Authorization, as shown below:

http://localhost:3846/callback?code=FMshefOQLlDr9MlnmqvYfHtuwHc9Z8i0rmlNCfTgAXI.ANWTllIRbRl9NILsLBbC-sbGyTHQfnaQp8a9vT9A9Gs&scope=uuid+api.basic%3Aread&state=erw34123we43234423e4

User Login

If the User is not logged in (automatically determined by the cookie value of the user's browser), the Server will return HTTP status code 303 to redirect the browser to the login page, and the complete authorization request information is carried in the next query parameter. After the User successfully logs in, the browser will automatically redirect back to the Authorization Endpoint to complete the subsequent authorization process.

Error Response

If the client_id does not exist, or the redirect_uri is not valid, the Authorization Server will display the error to the user without redirecting back to the App.

If any other error occurs, the Authorization Server will redirect back to redirect_uri with error, error_description, and state parameters. If response_mode is provided in the request, the Authorization Server will construct the redirection using the requested mode.

For an explanation of the errors, please refer to Section 5.2 of RFC 6749.
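
An added example, not part of the Tiger OpenAPI documentation: one way for the App to validate the redirect back to redirect_uri before using the code, covering both the success and the error form described above. The names build_authorize_url, parse_callback and AuthorizationError are hypothetical; the endpoint, parameter names and sample client_id are taken from the requests shown on this page.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

AUTHORIZE_URL = "https://openapi-sandbox.tigerfintech.com/oauth2/v1/authorize"

class AuthorizationError(Exception):
    """Raised when the callback is an error response or fails validation."""

def build_authorize_url(client_id, redirect_uri, scope, state=None):
    """Return (url, state); a fresh unguessable state is generated per request."""
    state = state or secrets.token_urlsafe(32)
    query = urlencode({
        "client_id": client_id, "response_type": "code", "scope": scope,
        "audience": "openapi", "redirect_uri": redirect_uri, "state": state,
    })
    return f"{AUTHORIZE_URL}?{query}", state

def parse_callback(callback_url, expected_state, requested_scope):
    """Validate the redirect to redirect_uri; return (code, granted scopes)."""
    params = parse_qs(urlsplit(callback_url).query, keep_blank_values=True)
    # Reject duplicated parameters rather than silently picking one value.
    if any(len(values) != 1 for values in params.values()):
        raise AuthorizationError("duplicated query parameter")
    params = {key: values[0] for key, values in params.items()}
    # Check state first: if it does not match, this response does not belong
    # to a request this session started, whether it carries a code or an error.
    state = params.get("state", "")
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise AuthorizationError("state mismatch")
    if "error" in params:
        raise AuthorizationError(
            f"{params['error']}: {params.get('error_description', '')}")
    if not params.get("code"):
        raise AuthorizationError("missing code")
    granted = set(params.get("scope", "").split())
    if not granted <= set(requested_scope.split()):
        raise AuthorizationError("granted scope exceeds requested scope")
    return params["code"], granted

if __name__ == "__main__":
    url, state = build_authorize_url("3e8a7a0c39ce4aa4ad2655b70a5d995e",
                                     "http://localhost:3846/callback",
                                     "uuid api.basic:read")
    # Constructed callback for illustration; the code value is a placeholder.
    cb = f"http://localhost:3846/callback?code=EXAMPLE&scope=uuid&state={state}"
    print(parse_callback(cb, state, "uuid api.basic:read"))
```

The state returned by build_authorize_url has to be stored in the user's session and passed back as expected_state when the callback arrives.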

Examples

User not logged in

curl --request GET \
  --url 'https://openapi-sandbox.tigerfintech.com/oauth2/v1/authorize?client_id=3e8a7a0c39ce4aa4ad2655b70a5d995e&response_type=code&scope=uuid%20api.basic%3Aread&audience=openapi&redirect_uri=http%3A%2F%2Flocalhost%3A3846%2Fcallback&state=erw34123we43234423e4'

Redirect the User's browser to Tiger OpenAPI's login page.

HTTP/1.1 303 See Other
Date: Wed, 19 Oct 2022 05:38:47 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 487
Connection: keep-alive
Location: https://openapi-sandbox.tigerfintech.com/login?client_id=3e8a7a0c39ce4aa4ad2655b70a5d995e&redirect_uri=https%3A%2F%2Fopenapi-sandbox.tigerfintech.com%2Foauth2%2Fv1%2Fauthorize%3Faudience%3Dopenapi%26client_id%3D3e8a7a0c39ce4aa4ad2655b70a5d995e%26redirect_uri%3Dhttp%253A%252F%252Flocalhost%253A3846%252Fcallback%26response_type%3Dcode%26scope%3Duuid%2Bapi.basic%253Aread%26state%3Derw34123we43234423e4&response_type=code&scope=uuid+api.basic%3Aread
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: POST, GET, OPTIONS, HEAD, DELETE, PUT
Access-Control-Allow-Headers: Referer,Accept,Origin,User-Agent,Authorization,NT,X-CustomHeader,Keep-Alive,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Connection,DNT,x-ca-key,x-ca-timestamp,x-ca-nonce,x-ca-signature
Access-Control-Expose-Headers: Verification-Url
Access-Control-Max-Age: 1000
Server: TIGR

After the User successfully logs in, redirect the User's browser back to the Authorization Endpoint, then redirect the User's browser again to redirect_uri.

HTTP/1.1 303 See Other
Date: Wed, 19 Oct 2022 05:40:02 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Location: http://localhost:3846/callback?code=FMshefOQLlDr9MlnmqvYfHtuwHc9Z8i0rmlNCfTgAXI.ANWTllIRbRl9NILsLBbC-sbGyTHQfnaQp8a9vT9A9Gs&scope=uuid+api.basic%3Aread&state=erw34123we43234423e4
Pragma: no-cache
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: POST, GET, OPTIONS, HEAD, DELETE, PUT
Access-Control-Allow-Headers: Referer,Accept,Origin,User-Agent,Authorization,NT,X-CustomHeader,Keep-Alive,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Connection,DNT,x-ca-key,x-ca-timestamp,x-ca-nonce,x-ca-signature
Access-Control-Expose-Headers: Verification-Url
Access-Control-Max-Age: 1000
Server: TIGR

User already logged in

curl --request GET \
  --url 'https://openapi-sandbox.tigerfintech.com/oauth2/v1/authorize?client_id=3e8a7a0c39ce4aa4ad2655b70a5d995e&response_type=code&scope=uuid%20api.basic%3Aread&audience=openapi&redirect_uri=http%3A%2F%2Flocalhost%3A3846%2Fcallback&state=erw34123we43234423e4' -H 'Cookie: oauth2_session=a9828804-97c2-4b2d-a64d-90becceda366'

Redirect the User's browser to redirect_uri.

HTTP/1.1 303 See Other
Date: Wed, 19 Oct 2022 05:44:14 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Location: http://localhost:3846/callback?code=BzmWW7_PH3gVXhm5rPvwKsywumdtkI65T8PW9w8gTWw.ElxmmakhXEAFbA0nZ75OJJzRHaX9zIMV487qyNPYBsI&scope=uuid+api.basic%3Aread&state=erw34123we43234423e4
Pragma: no-cache
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: POST, GET, OPTIONS, HEAD, DELETE, PUT
Access-Control-Allow-Headers: Referer,Accept,Origin,User-Agent,Authorization,NT,X-CustomHeader,Keep-Alive,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Connection,DNT,x-ca-key,x-ca-timestamp,x-ca-nonce,x-ca-signature
Access-Control-Expose-Headers: Verification-Url
Access-Control-Max-Age: 1000
Server: TIGR

Error

curl --request GET \
  --url 'https://openapi-sandbox.tigerfintech.com/oauth2/v1/authorize?client_id=3e8a7a0c39ce4aa4ad2655b70a5d995e&response_type=code&scope=uuid%20api.basic%3Awrite&audience=openapi&redirect_uri=http%3A%2F%2Flocalhost%3A3846%2Fcallback&state=erw34123we43234423e4' -H 'Cookie: oauth2_session=a9828804-97c2-4b2d-a64d-90becceda366'

Redirect the User's browser to redirect_uri.

HTTP/1.1 303 See Other
Date: Wed, 19 Oct 2022 05:48:35 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Location: http://localhost:3846/callback?error=invalid_scope&error_description=The+requested+scope+is+invalid%2C+unknown%2C+or+malformed.+The+OAuth+2.0+Client+is+not+allowed+to+request+scope+%27api.basic%3Awrite%27.&state=erw34123we43234423e4
Pragma: no-cache
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: POST, GET, OPTIONS, HEAD, DELETE, PUT
Access-Control-Allow-Headers: Referer,Accept,Origin,User-Agent,Authorization,NT,X-CustomHeader,Keep-Alive,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Connection,DNT,x-ca-key,x-ca-timestamp,x-ca-nonce,x-ca-signature
Access-Control-Expose-Headers: Verification-Url
Access-Control-Max-Age: 1000
Server: TIGR

Error when the request IP is not in the whitelist:

{"error":"invalid_client","error_description":"Client authentication failed (e.g., unknown client, no client authentication included, or unsupported authentication method). The access IP is not in the allow list."}

Error when a required parameter is missing or the code has expired:

The code expires after 10 minutes.

{"error":"invalid_request","error_description":"The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed. Make sure that the various parameters are correct, be aware of case sensitivity and trim your parameters. Make sure that the client you are using has exactly whitelisted the redirect_uri you specified."}

Error when the redirect_uri is incorrect:

The redirect_uri must match the callback address registered in the Tiger backend.

{"error":"invalid_grant","error_description":"The provided authorization grant (e.g., authorization code, resource owner credentials) or refresh token is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client. The 'redirect_uri' from this request does not match the one from the authorize request."}