OAuth

This section contains the calls needed to set up an OAuth authorization flow on the Ellipsis Drive API.

Ellipsis Drive supports the authorization code grant type with optional PKCE for additional security. This security measure is particularly important for apps that cannot maintain the confidentiality of the client secret, such as single-page apps, mobile apps and native apps. Note that to use the OAuth authorization flow you'll need to register yourself as an OAuth client, which commercial accounts can do at the 'My organization' tab of their profile.

The flow of the authorization code grant type is as follows:

  1. The user is redirected to Ellipsis Drive to grant authorization by using the /authorize endpoint.

  2. The user is redirected back to a given redirection endpoint with an authorization code.

  3. Your backend exchanges the authorization code for an access token and a refresh token at the /token endpoint.

  4. The access token can now be used to make API requests on behalf of the user.

  5. The refresh token can be exchanged for new access and refresh tokens at the /token endpoint when the access token expires.
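Steps 1 to 3 with PKCE on the client side, as an added example that is not Ellipsis Drive's own code. The parameter names follow RFC 6749 and RFC 7636 and are assumed to match this API; `AUTHORIZE_URL`, the client id and the redirect URI are placeholders.

```python
import base64, hashlib, hmac, secrets
from urllib.parse import urlencode, urlparse, parse_qs

AUTHORIZE_URL = "https://auth.example.invalid/authorize"  # placeholder, not the real endpoint

def b64url(data: bytes) -> str:
    """Base64url without padding, as RFC 7636 requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def new_pkce_pair():
    """Return (code_verifier, code_challenge) for the S256 method."""
    verifier = b64url(secrets.token_bytes(32))  # 43 characters, high entropy
    challenge = b64url(hashlib.sha256(verifier.encode("ascii")).digest())
    return verifier, challenge

def build_authorize_url(client_id, redirect_uri, state, challenge):
    """Step 1: URL the user is sent to; only the challenge leaves the client."""
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "state": state,  # binds the callback to this browser session (CSRF defence)
        "code_challenge": challenge,
        "code_challenge_method": "S256",
    }
    return AUTHORIZE_URL + "?" + urlencode(params)

def parse_callback(callback_url, expected_state):
    """Step 2: accept the authorization code only if state matches."""
    query = parse_qs(urlparse(callback_url).query)
    state = query.get("state", [""])[0]
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: callback does not belong to this session")
    if "error" in query:
        raise ValueError("authorization failed: " + query["error"][0])
    codes = query.get("code", [])
    if len(codes) != 1:
        raise ValueError("expected exactly one authorization code")
    return codes[0]

def token_request_body(code, verifier, client_id, redirect_uri):
    """Step 3: form fields for /token; the verifier proves who started the flow."""
    return {
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": redirect_uri,
        "client_id": client_id,
        "code_verifier": verifier,
    }
```

Keep the verifier and state in server-side session storage between steps 1 and 3, and discard both once the code has been exchanged.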

The three API calls below are needed for the execution of this authorization flow.

  1. Authorization

  2. Authorization code variant

  3. Refresh token variant
