> ## Documentation Index
> Fetch the complete documentation index at: https://docs.developers.mijnklantportaal.nl/llms.txt
> Use this file to discover all available pages before exploring further.

# Authorize

> Ask the user permission to access their portal

<Info>Please note that the base URL for this endpoint is: `https://manage.mijnklantportaal.nl`</Info>

#### Query parameters

<ParamField query="client_id" type="string" required>
  ID of your application you got after registering it in the Developer portal.
</ParamField>

<ParamField query="redirect_uri" type="string" required>
  The URL where the user should be send to after accepting or declining the permission request.

  <Note>The URL **must** be registered with your application in the Developer portal.</Note>
</ParamField>

<ParamField query="state" type="string" required>
  A random string generated by your application to prevent CSRF attacks. This value will be returned
  in the redirect back to your application.
</ParamField>

<ParamField query="scope" type="string" required>
  A, with spaces separated, string with the [OAuth Scopes](/oauth/scopes) you want access to.

  Example: `customers.read customer.write invoices.read`
</ParamField>

<ParamField query="prompt" type="string" default="consent">
  Can be `consent` or `login`.
</ParamField>

<ParamField query="response_type" type="string" required>
  The type of response you want to return. This should always be `code`.
</ParamField>

#### Response

The user decides to accept or reject your request. After that, we send the user back to your `redirect_uri` and include
some information for your application. We add some query parameters to your URL:

**In case of an approval:**

<ParamField query="code" type="string">
  The Authorization code which you need to exchange for the actual Access and Refresh tokens.

  <Tip>This code is valid for just a short amount of time. Exchange it as soon as you get it.</Tip>
</ParamField>

<ParamField query="state" type="string">
  The string you set upon request. You have to check if the string matches the one you have set to ensure CSRF protection.
</ParamField>

**In case of a rejection or error:**

<ParamField query="error" type="string">
  The error code.
</ParamField>

<ParamField query="error_description" type="string">
  A human-readable description of the error occured.
</ParamField>
