Request Authorization Code

Description

Invoke a request for an authorization code from a partner's platform.

Process Flow

  1. User selects to link their Apple Business account to their partner's account from within the partner's platform
  2. Partner platform generates an authorization request and passes into the request all required parameters

Authorization Request Parameters

| Name | Input |
| --- | --- |
| client_id | REQUIRED |
| code_challenge | REQUIRED |
| response_type | REQUIRED |
| redirection_endpoint | REQUIRED |
| state | REQUIRED |

Response Type

MUST be code.

State

MUST be a randomized value, not a URL-encoded value.

Authorization Request Structure

/oauth2/v1/authorize?client_id={clientId}&
code_challenge={codeChallenge}&response_type={responseType}&
redirect_uri={redirectionEndpoint}&state={state}

Example Authorization Request

/oauth2/v1/authorize?client_id=29352915982374239857&
code_challenge=asdhasfasdfh&response_type=code&
redirect_uri=https://www.third-party.com/authorization&state=xyzABC123

  3. Using the authorization request, the partner's platform directs the user to Apple Business, along with parameters
  4. Apple Business verifies that:
     • Authorization request has a corresponding, registered app in Apple Business
     • client_id and redirect_uri match the registered app
  5. Once verified, Apple Business stores the code_challenge and state values
  6. Launch Apple Business UI
     • If the user is already logged into Apple Business, a list of the approved companies they are a member of is displayed. Otherwise, the user is prompted to log in
  7. User selects one company
  8. Apple Business displays consent form
  9. Apple Business prompts user to allow or deny a partner's request to link the respective accounts
  10. If the request is allowed, the Apple Business user is redirected to a partner-defined redirection endpoint:
     • Partner's platform captures the authorization code and the original state value
     • Partner's platform navigates the user to a partner-defined UI

Note: code has a lifetime of five (5) minutes.

Refer to Request Token for details about next steps.

Authorization Response Parameters

| Name | Input |
| --- | --- |
| code | REQUIRED |

Example Authorization Response

{url}?code=g0ZGZmNjVmOWI&state=xyzABC123
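
Added example (not part of the original documentation, and not Apple's code): a partner-side sketch of the flow above that builds the authorization request with a random state and a PKCE code_challenge, then checks the redirect against the stored state before accepting the code. Assumptions: the function names and the placeholder host are hypothetical, and the challenge uses the S256 transform from RFC 7636 because the page does not name a method.

```python
import base64
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

AUTHORIZE_PATH = "/oauth2/v1/authorize"  # path shown on this page


def new_authorization_request(base_url, client_id, redirect_uri):
    """Build the authorize URL; return (url, pending) with pending kept server-side."""
    verifier = secrets.token_urlsafe(64)  # PKCE code_verifier, never put in the URL
    # Assumption: S256 transform (RFC 7636); the page does not name the method.
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    challenge = base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")
    # Random state from the URL-safe alphabet, so it needs no URL encoding.
    state = secrets.token_urlsafe(32)
    query = urlencode({
        "client_id": client_id,
        "code_challenge": challenge,
        "response_type": "code",  # MUST be code
        "redirect_uri": redirect_uri,
        "state": state,
    })
    pending = {"state": state, "code_verifier": verifier}
    return f"{base_url}{AUTHORIZE_PATH}?{query}", pending


def handle_redirect(callback_url, pending):
    """Check the redirect against the stored state; return (code, code_verifier)."""
    params = parse_qs(urlsplit(callback_url).query)
    codes, states = params.get("code", []), params.get("state", [])
    # Consume the stored state first so a replayed redirect cannot succeed.
    expected = pending.pop("state", None)
    if expected is None:
        raise ValueError("no pending authorization request for this session")
    if len(codes) != 1 or len(states) != 1:
        raise ValueError("expected exactly one code and one state parameter")
    if not hmac.compare_digest(states[0].encode(), expected.encode()):
        raise ValueError("state does not match the value sent in the request")
    # The code lives five minutes: hand it to the token request immediately.
    return codes[0], pending.pop("code_verifier")


if __name__ == "__main__":
    # Constructed sample values; the host is a placeholder, not Apple's endpoint.
    url, pending = new_authorization_request(
        "https://authorization-server.invalid", "29352915982374239857",
        "https://www.third-party.com/authorization")
    print(url)
    callback = "https://www.third-party.com/authorization?code=g0ZGZmNjVmOWI&state=" + pending["state"]
    print(handle_redirect(callback, pending))
```

Keep the pending record in server-side session storage tied to the user who started the flow, so a redirect arriving in a different session has no state to match.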