> ## Documentation Index
> Fetch the complete documentation index at: https://docs.flinks.com/llms.txt
> Use this file to discover all available pages before exploring further.

# /OAuth/Authorize

> Use the /OAuth/Authorize endpoint if you are using a custom API integration and want to establish a secure connection using OAuth 2.0 technology.

Establish a secure connection using OAuth 2.0 for custom API integrations.

The endpoint responds with a `302` — grab the URL from the `Location` header and present it to the end user to complete their financial institution login.


## OpenAPI

````yaml GET /v3/oauth/authorize
openapi: 3.0.3
info:
  title: Flinks API
  description: >
    Flinks API provides financial data connectivity, enrichment, and payment
    solutions.


    ## Authentication

    Endpoints require authentication using `flinks-auth-key` header (Bearer
    token).


    For more information, visit: https://docs.flinks.com
  version: 3.0.0
  contact:
    name: Flinks Support
    url: https://www.flinks.com/contact/sales
  termsOfService: https://www.flinks.com
servers:
  - url: https://{instance}-api.private.fin.ag
    description: Flinks API Environment
    variables:
      instance:
        default: toolbox
        description: The environment instance (e.g., toolbox, sandbox, production)
security: []
tags:
  - name: Authorization
    description: Endpoints for generating authorization tokens and authenticating requests
  - name: Enrich - Consumer Attributes
    description: Consumer financial attribute analysis and credit risk assessment
paths:
  /v3/oauth/authorize:
    get:
      tags:
        - Authorization
      summary: OAuth Authorize
      description: >-
        Use the /OAuth/Authorize endpoint if you are using a custom API
        integration and want to establish a secure connection using OAuth 2.0
        technology.
      operationId: oauthAuthorize
      parameters:
        - name: institution_id
          in: query
          required: false
          description: The end-user's financial institution.
          schema:
            type: string
        - name: redirect_uri
          in: query
          required: false
          description: >-
            URL that redirects the end-user back to your app or website after
            completing the OAuth flow.
          schema:
            type: string
        - name: state
          in: query
          required: false
          description: >-
            A unique string that you can randomly generate and link to this
            request to establish legitimacy. For the request to be successful,
            this string must be validated to confirm it's being passed with the
            correct request. The value of this field can be anything you want.
            This is an OAuth 2.0 standard and adds an extra layer of security.
          schema:
            type: string
        - name: lang
          in: query
          required: false
          description: >-
            Two-character abbreviation that specifies the language. Possible
            values include: - `en` = English - `fr` = French If this field is
            left empty, the default value is set to `en`.
          schema:
            type: string
            default: en
        - name: tag
          in: query
          required: false
          description: >-
            Custom name that's assigned to the request for identification and
            tracking purposes.
          schema:
            type: string
        - name: recipientId
          in: query
          required: false
          description: >-
            Specifies the Data Recipient who receives the data, only if the
            instance is associated with multiple Data Recipients.
          schema:
            type: string
        - name: Accept
          in: header
          required: true
          description: Acceptable response media type.
          schema:
            type: string
            default: text/plain
      responses:
        '302':
          description: Redirect Response
          content:
            text/html:
              schema:
                type: string
              example: |
                <html>
                <head>
                  <title>Submit Form</title>
                  <meta name="referrer" content="origin" />
                  <meta http-equiv="x-ua-compatible" content="IE=edge" />
                </head>
                <body onload="javascript:document.forms[0].submit()">
                  <noscript>
                    <p>
                      <strong>Note:</strong> Since your browser does not support JavaScript, you must press the Resume button once to proceed.
                    </p>
                  </noscript>
                  <form method="post" action="https://ob.flinksapp.com/api/v1/agentless">
                    <input type="hidden" name="REF" value="613D213BC21A4480DBC844AABC852EFDB129387225AE7317A77B7A56400C"/>
                    <input type="hidden" name="allowInteraction" value="true"/>
                    <input type="hidden" name="scope" value="ACCOUNT_BASIC ACCOUNT_DETAILED ACCOUNT_PAYMENTS INVESTMENTS TRANSACTIONS STATEMENTS CUSTOMER_CONTACT CUSTOMER_PERSONAL"/>
                    <input type="hidden" name="provider_id" value="4003"/>
                    <input type="hidden" name="response_type" value="code"/>
                    <input type="hidden" name="connectionId" value="dc-patrfyrs91n711c9jlmtsru97"/>
                    <input type="hidden" name="redirect_uri" value="https://toolbox-api.private.fin.ag/v3/43387ca6-0391-4c82-857d-70d95f087ecb/openbanking/callback"/>
                    <input type="hidden" name="state" value="jc1LCoAwDADRu2Rtjdag4G1i2qJYP7QBFfHuegT385gbJuiha9vKSk3GO7KGXNcYdhSMdQ1XQrUEClBA+tJRdc894s7XMem4XAOvcynbglk5KfpTfVo5onCMA8v8ufx38bw="/>
                    <input type="hidden" name="resumePath" value="/as/1PT1G/resume/as/authorization.ping"/>
                    <input type="hidden" name="lang" value="en"/>
                    <input type="hidden" name="client_id" value="dc-patrfyrs91n711c9jlmtsru97"/>
                    <input type="hidden" name="reauth" value="false"/>
                    <noscript><input type="submit" value="Resume"/></noscript>
                  </form>
                </body>
                </html>
        '400':
          description: Response Body
          content:
            application/json:
              schema:
                type: object
                properties:
                  lang:
                    type: array
                    items:
                      type: string
                    description: Validation error messages for the lang parameter.
              example:
                lang:
                  - The field Lang must be a valid ISO-639-1 two letter code.
      security: []

````