> ## Documentation Index
> Fetch the complete documentation index at: https://developers.vendaze.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Start authorization

> Redirects the user's browser to the Vendaze consent screen. **This endpoint must be opened in a browser. do not call it with fetch, axios, or any HTTP client.** The user must navigate to this URL so they can log in and approve access. Scopes are resolved from the app registration.



## OpenAPI

````yaml /en/api-reference/openapi.json get /oauth/authorize
openapi: 3.1.0
info:
  title: OAuth 2.1
  description: Endpoints for registering applications and managing OAuth 2.1 tokens.
  version: 1.0.0
  contact:
    name: Vendaze Support
    email: suporte@vendaze.com
servers:
  - url: https://api.vendaze.com
    description: Production
security:
  - bearerAuth: []
tags:
  - name: OAuth
  - name: People
  - name: Companies
  - name: Deals
  - name: Pipelines
  - name: Tasks
  - name: Task Types
  - name: Products
  - name: Tags
  - name: Lists
  - name: Custom Fields
  - name: Webhooks
paths:
  /oauth/authorize:
    get:
      tags:
        - OAuth
      summary: Start authorization
      description: >-
        Redirects the user's browser to the Vendaze consent screen. **This
        endpoint must be opened in a browser. do not call it with fetch, axios,
        or any HTTP client.** The user must navigate to this URL so they can log
        in and approve access. Scopes are resolved from the app registration.
      operationId: authorize
      parameters:
        - name: client_id
          in: query
          required: true
          schema:
            type: string
            format: uuid
          description: UUID of the OAuth application.
        - name: redirect_uri
          in: query
          required: true
          schema:
            type: string
            format: uri
          description: Redirect URI registered with the application.
        - name: response_type
          in: query
          required: true
          schema:
            type: string
            enum:
              - code
          description: Must be "code".
        - name: state
          in: query
          required: false
          schema:
            type: string
          description: >-
            Random string you generate. Returned unchanged in the callback.
            Strongly recommended to prevent CSRF attacks.
      responses:
        '302':
          description: Redirect to the Vendaze consent screen.
        '400':
          description: >-
            Invalid or missing parameter. Possible error codes:
            `invalid_request` (missing required parameter. message identifies
            which one, e.g. `"Missing required parameter: redirect_uri."`),
            `unsupported_response_type` (`response_type` is not `code`. message:
            `"response_type must be \"code\"."`), `invalid_request`
            (`redirect_uri` not registered. message: `"redirect_uri does not
            match any registered URI."`).
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
              example:
                error:
                  code: invalid_request
                  message: 'Missing required parameter: redirect_uri.'
                  request_id: 550e8400-e29b-41d4-a716-446655440000
        '401':
          description: >-
            App not found or inactive. Error code: `invalid_client`. Message:
            `"Invalid client credentials."`
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
              example:
                error:
                  code: invalid_client
                  message: Invalid client credentials.
                  request_id: 550e8400-e29b-41d4-a716-446655440000
        '429':
          $ref: '#/components/responses/RateLimitExceeded'
        '500':
          description: >-
            Authorization service unavailable. Error code: `internal_error`.
            Message: `"An unexpected error occurred."` Retry the request.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
              example:
                error:
                  code: internal_error
                  message: An unexpected error occurred.
                  request_id: 550e8400-e29b-41d4-a716-446655440000
      security: []
components:
  schemas:
    ErrorResponse:
      type: object
      properties:
        error:
          type: object
          properties:
            code:
              type: string
            message:
              type: string
            request_id:
              type: string
              format: uuid
  responses:
    RateLimitExceeded:
      description: 'Rate limit exceeded. Error code: `rate_limit_exceeded`.'
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ErrorResponse'
          example:
            error:
              code: rate_limit_exceeded
              message: Rate limit exceeded. Try again in 60 seconds.
              request_id: 550e8400-e29b-41d4-a716-446655440000
  securitySchemes:
    bearerAuth:
      type: http
      scheme: bearer
      description: OAuth 2.1 access token.

````