# OAuth flow

This endpoint is triggered by the user opening this page in their browser with the following query parameters in the URL. The user will be presented with the option to authorize your app to access their Med2Lab account. If approved, your app will receive an authorization code in return. In the next request, you will exchange that code for an actual access token via a server-side call.

## Initialize OAuth flow

<mark style="color:green;">`POST`</mark> `http://dev-api.med2lab.com/o/token/`

Redirect the user to this URL with the following query parameters to start the OAuth flow. Once the user approves access (or if they have already approved), the user will be redirected to the appropriate redirect URI (specified in the app's configuration) with an authorization code that can be exchanged for an access token.

#### Request Body

| Name                                             | Type   | Description        |
| ------------------------------------------------ | ------ | ------------------ |
| grant\_type<mark style="color:red;">\*</mark>    | string | Authorization code |
| username<mark style="color:red;">\*</mark>       | string | user name          |
| password<mark style="color:red;">\*</mark>       | string | password           |
| client\_id<mark style="color:red;">\*</mark>     | string | App ID             |
| client\_secret<mark style="color:red;">\*</mark> |        | App Secret         |

{% tabs %}
{% tab title="200: OK" %}

```json
{
    "access_token": "k5XBpu3GGIAgSpm4Z4Al8nDsWLkvF0",
    "expires_in": 36000,
    "token_type": "Bearer",
    "scope": "read write",
    "refresh_token": "88eoh1kVZFQcVEX0Zz29Urd4IQ6G2r"
}
```

{% endtab %}

{% tab title="400: Bad Request Permission denied" %}

```json
{
    "error": "invalid_grant",
    "error_description": "Invalid credentials given."
}
```

{% endtab %}
{% endtabs %}

## Example

{% tabs %}
{% tab title="Postman" %}
Let's set up the HTTP POST request.

In the **Body** tab, enter your credentials as below.

```text
grant_type: password
client_id: <client_id>
client_secret: <client_secret>
username: <username>
password: <password>
```

<figure><img src="/files/uimudarjvtIrAN0C88Zt" alt=""><figcaption></figcaption></figure>
{% endtab %}

{% tab title="cURL" %}

```bash
curl --location 'http://dev-api.med2lab.com/o/token/' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=password' \
--data-urlencode 'username=<user_name>' \
--data-urlencode 'password=<password>' \
--data-urlencode 'client_id=<client_id>' \
--data-urlencode 'client_secret=<client_secret>'
```

{% endtab %}

{% tab title="Python" %}

```python
import http.client
from urllib.parse import urlencode

conn = http.client.HTTPSConnection("dev-api.med2lab.com")
# urlencode() escapes characters such as & and = that may appear in credentials
payload = urlencode({
    "grant_type": "password",
    "username": "<user_name>",
    "password": "<password>",
    "client_id": "<client_id>",
    "client_secret": "<client_secret>",
})
headers = {
    "Content-Type": "application/x-www-form-urlencoded"
}
conn.request("POST", "/o/token/", payload, headers)
res = conn.getresponse()
data = res.read()
print(data.decode("utf-8"))
```

{% endtab %}

{% tab title="Go" %}

```go
package main

import (
  "fmt"
  "io"
  "net/http"
  "net/url"
  "strings"
)

func main() {
  tokenURL := "http://dev-api.med2lab.com/o/token/"

  // url.Values escapes special characters in the credentials.
  form := url.Values{}
  form.Set("grant_type", "password")
  form.Set("username", "<user_name>")
  form.Set("password", "<password>")
  form.Set("client_id", "<client_id>")
  form.Set("client_secret", "<client_secret>")

  client := &http.Client{}
  req, err := http.NewRequest(http.MethodPost, tokenURL, strings.NewReader(form.Encode()))
  if err != nil {
    fmt.Println(err)
    return
  }
  // No Authorization header is set: this request is the one that obtains the token.
  req.Header.Add("Content-Type", "application/x-www-form-urlencoded")

  res, err := client.Do(req)
  if err != nil {
    fmt.Println(err)
    return
  }
  defer res.Body.Close()

  body, err := io.ReadAll(res.Body)
  if err != nil {
    fmt.Println(err)
    return
  }
  fmt.Println(string(body))
}
```

{% endtab %}

{% tab title="C#" %}

```csharp
var client = new HttpClient();
var request = new HttpRequestMessage(HttpMethod.Post, "http://dev-api.med2lab.com/o/token/");
var collection = new List<KeyValuePair<string, string>>();
collection.Add(new("grant_type", "password"));
collection.Add(new("username", "<user_name>"));
collection.Add(new("password", "<password>"));
collection.Add(new("client_id", "<client_id>"));
collection.Add(new("client_secret", "<client_secret>"));
var content = new FormUrlEncodedContent(collection);
request.Content = content;
var response = await client.SendAsync(request);
response.EnsureSuccessStatusCode();
Console.WriteLine(await response.Content.ReadAsStringAsync());
```

{% endtab %}
{% endtabs %}
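
The following is an added example, not part of the Med2Lab documentation: it builds the password-grant request body with proper escaping and handles the two response bodies shown above without contacting the server. The names `Token`, `TokenError`, `build_token_request` and `parse_token_response`, the 60-second expiry margin and the sample credentials are assumptions; the HTTPS URL follows the host and path used in the Python tab.

```python
import json
import time
from dataclasses import dataclass, field
from urllib.parse import urlencode, urlsplit

# Response bodies copied from the 200 and 400 tabs above.
SAMPLE_OK = ('{"access_token": "k5XBpu3GGIAgSpm4Z4Al8nDsWLkvF0", "expires_in": 36000, '
             '"token_type": "Bearer", "scope": "read write", '
             '"refresh_token": "88eoh1kVZFQcVEX0Zz29Urd4IQ6G2r"}')
SAMPLE_ERR = '{"error": "invalid_grant", "error_description": "Invalid credentials given."}'

class TokenError(Exception):
    """The token endpoint answered with an OAuth error body."""

@dataclass
class Token:
    access_token: str = field(repr=False)   # keep secrets out of logs and tracebacks
    refresh_token: str = field(repr=False)
    token_type: str
    scope: str
    expires_at: float                       # absolute time, epoch seconds

    def is_expired(self, now=None, skew=60):
        """Report expiry `skew` seconds early so a request never carries a stale token."""
        return (time.time() if now is None else now) >= self.expires_at - skew

def build_token_request(url, username, password, client_id, client_secret):
    """Return (headers, body) for the password-grant POST; nothing is sent."""
    if urlsplit(url).scheme != "https":
        raise ValueError("credentials must only be sent over HTTPS")
    body = urlencode({"grant_type": "password", "username": username,
                      "password": password, "client_id": client_id,
                      "client_secret": client_secret})
    return {"Content-Type": "application/x-www-form-urlencoded"}, body.encode()

def parse_token_response(status, raw, now=None):
    """Turn a response body into a Token, or raise TokenError on an error body."""
    data = json.loads(raw)
    if status != 200 or "error" in data:
        raise TokenError(f"{data.get('error', status)}: {data.get('error_description', '')}")
    now = time.time() if now is None else now
    return Token(data["access_token"], data["refresh_token"], data["token_type"],
                 data["scope"], now + int(data["expires_in"]))

if __name__ == "__main__":
    # Constructed credentials; the password contains characters that must be escaped.
    headers, body = build_token_request("https://dev-api.med2lab.com/o/token/",
                                        "alice", "p&ss=w+rd", "app-id", "app-secret")
    print(body)
    print(parse_token_response(200, SAMPLE_OK))   # tokens are absent from the repr
```
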


