> ## Documentation Index
> Fetch the complete documentation index at: https://docs-sandbox.sparkle.fyi/llms.txt
> Use this file to discover all available pages before exploring further.

# Authorize by code

> Request access to obtain authorization token from the bank by code



## OpenAPI

````yaml openapi.yaml get /oauth2/authorize
openapi: 3.0.0
info:
  title: Open API
  version: v1
  contact:
    name: Sparkle
    email: support@sparkle.ng
    url: https://sparkle.ng
  description: >
    The Regulatory Framework for Open Banking in Nigeria established principles
    for data sharing across the banking and payments system to promote
    innovations and broaden the range of financial products and services
    available to bank customers. As a result, open banking recognizes the
    ownership and control of data by customers of financial and non-financial
    services, and their right to grant authorizations to service providers for
    the purpose of accessing innovative financial products and services.


    ## What this document is about

    This is a draft of the API specification standards designed to be used in
    compliance with the Central Bank of Nigeria (CBN) operational guidelines on
    open banking within the Nigerian financial ecosystem.


    ## Scope

    Given the open banking proposition, any organisation that has data of
    customers which may be exchanged with other entities for the purpose of
    providing innovative financial services within Nigeria, is eligible to
    participate in the Open Banking ecosystem.


    ## Authentication

    Authorization to API endpoints is performed using OAuth 2.0 Client
    Credentials flow.


    https://apis.openbanking.ng/#d9bd2beb-bb24-4ac3-95c4-7fc3d4f486c3
servers:
  - url: '{authUrl}'
    variables:
      authUrl:
        default: https://identity-sandbox.sparkle.fyi
        description: Authentication URL
  - url: '{apiUrl}'
    variables:
      apiUrl:
        default: https://api-sandbox.sparkle.fyi/openapi/v1
        description: Base URL for the API
security: []
tags:
  - name: DynamicClientRegistration
    description: Dynamic client registration endpoints
  - name: Consent
    description: Authentication and authorization endpoints
  - name: Meta
    description: Meta information endpoints
  - name: Health
    description: Health check endpoints
  - name: Customers
    description: Customer management endpoints
  - name: Accounts
    description: Account management endpoints
  - name: Transfers
    description: Transaction and transfer related endpoints
  - name: Bill Payments
    description: Bill payment related endpoints
  - name: Disputes
    description: Dispute management endpoints
  - name: Direct Debits
    description: Direct debit management endpoints
  - name: Cards
    description: Card management and transaction endpoints
  - name: Loans
    description: Loan management endpoints
  - name: Savings
    description: Savings management endpoints
paths:
  /oauth2/authorize:
    get:
      tags:
        - Consent
      summary: Authorize by code
      description: Request access to obtain authorization token from the bank by code
      operationId: authorizeByCode
      parameters:
        - name: response_type
          in: query
          required: true
          schema:
            type: string
          description: Response type for the authorization
          example: code
        - name: client_id
          in: query
          required: true
          schema:
            type: string
          description: Client ID for the authorization
          example: TqCXV0LQd7o6RmEArIgoghmZBHUa
        - name: redirect_uri
          in: query
          required: true
          schema:
            type: string
          description: Redirect URI for the authorization
          example: http://idp.avidrone.co.uk/callback
        - name: scope
          in: query
          required: true
          schema:
            type: string
          description: Scope of the authorization
          example: >-
            openid customers.readonly customers.update accounts.create
            accounts.list.readonly accounts.balance.readonly accounts.update
            accounts.transactions.readonly accounts.holds.readonly
            accounts.holds.create accounts.holds.update
            transfers.transactions.enquiry transfers.transactions.create
            transfers.transactions.query transfers.transactions.callback
            bills.categories.list bills.billers.list bills.bill.validate
            bills.transactions.create disputes.categories.list
            disputes.report.create disputes.report.readonly direct-debits.create
            direct-debits.update direct-debits.list direct-debits.readonly
            direct-debits.transaction.create direct-debits.transaction.callback
            cards.list cards.update cards.create loans.list savings.list
            savings.transactions.list
        - name: state
          in: query
          required: true
          schema:
            type: string
          description: State of the authorization
      responses:
        '301':
          description: Redirect to the authorization URL
        '400':
          $ref: '#/components/responses/BadRequest'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '403':
          $ref: '#/components/responses/Forbidden'
        '500':
          $ref: '#/components/responses/InternalServerError'
components:
  responses:
    BadRequest:
      description: Bad request
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/BadRequestError'
    Unauthorized:
      description: Unauthorized request
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/UnauthorizedError'
    Forbidden:
      description: Forbidden request
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ForbiddenError'
    InternalServerError:
      description: Internal server error
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/InternalServerError'
  schemas:
    BadRequestError:
      type: object
      properties:
        status:
          type: string
          description: The 8583 standard response code
          example: '01'
        error_code:
          type: string
          description: The specific Open Banking Nigeria error code
          example: MISSING_FIELD
        message:
          type: string
          description: A human-readable message describing the error
          example: The field is missing
        data:
          type: object
          description: Extra information about the error
    UnauthorizedError:
      type: object
      properties:
        status:
          type: string
          description: The 8583 standard response code
          example: '02'
        message:
          type: string
          description: A human-readable message describing the error
          example: The authentication failed
        data:
          type: object
          description: Extra information about the error
    ForbiddenError:
      type: object
      properties:
        status:
          type: string
          description: The 8583 standard response code
          example: '03'
        message:
          type: string
          description: A human-readable message describing the error
          example: You are not allowed to perform this operation
        data:
          type: object
          description: Extra information about the error
    InternalServerError:
      type: object
      properties:
        status:
          type: string
          description: The 8583 standard response code
          example: '05'
        message:
          type: string
          description: A human-readable message describing the error
          example: An unknown error occurred
        data:
          type: object
          description: Extra information about the error

````