# Univeral Login {% hint style="info" %} API\_BASE\_URL: {% endhint %} ## Sign in with FSL ID It is a universal login solution to be integrated into your products. The solution is built upon [OAuth 2.0](https://oauth.net/2/). The integration experience is pretty much similar to OAuth 2.0. ### Get Authorization Code `Get` `/api/account/oauth/authorize` Get the authorization code to start with. **Parameters**

Name	Mandatory?	Description
`response_type`	Y	Grant type. Use the value "`code`" to get an `authorization code.`
`appkey`	Y	The unique `appkey` for your App.
`redirect_uri`	Y	The redirect URL address after authorization success. The `authorization code` with be returned to the redirect URL. The `redirect_uri`should be url-encoded.
`scope`	N	Grant Scope. Refer to the definitions for more details. Only request `basic` scope when the parameter is not given.
`state`	N	A developer-specified parameter to validate or bring special information. The parameter will be brought to the redirect URL.

**Returns** Authorization code which will be expired in 5 minutes. **Request Example** ```sh curl https://$API_BASE_URL/api/account/oauth/authorize \ -d "response_type=code" \ -d "appkey=1234" \ -d "redirect_uri=https%3A%2F%2Fmydomain.com%2Fredirect" \ -d "scope=basic" \ -d "state=test" ``` **Response** {% tabs %} {% tab title="200" %} ```json https://mydomain.com/redirect?code=AUTHORIZATION_CODE&state=test ``` {% endtab %} {% endtabs %} After the FSL ID verification and scope grant success, the system will redirect to the redirect URL with the `authorization code` and `state` parameter. ### Get access token and refresh token `POST` `/api/account/oauth/token` Get access token and refresh token **Header** | Name | Value | | ------------ | ----------------------------------- | | Content-Type | `application/x-www-form-urlencoded` | **Parameters**

Name	Mandatory?	Description
`authorization_code` `refresh_token`	Y	Provide either Authorization code or refresh_token
`grant_type`	Y	Should be "authorization_code" or "refresh_token".
`appkey`	Y	The unique `appkey` for your App.
`appsecret`	Y	The `appsecret` for your App.
`redirect_uri`	N	The token in json will be `POST` to `redirect_uri` if provided.

**Request Example** ```sh curl -X POST \ --header 'Content-Type: application/x-www-form-urlencoded' \ -d "appkey=1234" \ -d "appsecret=abcd" \ -d "grant_type=authorization_code" \ -d "authorization_code=code" \ -d "redirect_uri=REDIRECT_URL" \ https://$API_BASE_URL/api/account/oauth/token ``` **Response** {% tabs %} {% tab title="200" %} ```json { "code": 0, "data": { "access_token": "access token", "refresh_token": "refresh token", "access_token_expires_in": 86400, "refresh_token_expires_in": 2592000 } } ``` {% endtab %} {% tab title="Error Code" %} ``` 208003: Authorization code expired ``` {% endtab %} {% endtabs %} ### Get access token without Authorization Code `Get` `/api/account/oauth/authorize` Get the access token directly from a server-less app. **Parameters**

Name	Mandatory?	Description
`response_type`	Y	Must be "`token`" to get an `access token.`
`appkey`	Y	The unique `appkey` for your App.
`redirect_uri`	Y	The redirect URL address after authorization success. The `access token` with be returned to the redirect URL. The `redirect_uri`should be url-encoded.
`scope`	N	Grant Scope. Refer to the definitions for more details. Only grant `basic` scope if parameter not given.
`state`	N	A developer-specified parameter to validate or bring special information. The parameter will be brought to the redirect URL.

**Returns** access token which will expire in 1 day. **Request Example** ```sh curl https://$API_BASE_URL/api/account/oauth/authorize \ -d "response_type=token" \ -d "appkey=1234" \ -d "redirect_uri=https%3A%2F%2Fmydomain.com%2Fredirect" \ -d "scope=basic" \ -d "state=test" ``` **Response** {% tabs %} {% tab title="200" %} ```json https://mydomain.com/redirect?access_token=ACCESS_TOKEN&state=test ``` {% endtab %} {% endtabs %} ### Get User Profiles `Get` `/api/account/party/user` Get the user profiles under grant scope **Header** | Name | Value | | ------------- | ----------------------- | | Content-Type | `application/json` | | Authorization | `Bearer ` | **Request Example** ```sh curl --location 'https://$API_BASE_URL/api/account/party/user' \ --header 'Authorization: Bearer access_token' ``` **Response** {% tabs %} {% tab title="200" %} ```json { "code": 0, "data": { "name": "Nickname", "fslUid": 6338505, "email": "test@gmail.com", "profileImage": "https://xxxx.com/profile.png", "walletAddr": { "solana": "", "evm": "" } } } ``` {% endtab %} {% endtabs %} --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://id-docs.fsl.com/developers/univeral-login.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.