Skip to main content
POST
/
auth
/
grant
/
code
Initiate a client grant request
curl --request POST \
  --url https://app.dynamicauth.com/api/v0/auth/grant/code \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "client_type": "cli",
  "client_metadata": {
    "name": "<string>",
    "version": "<string>",
    "hostname": "<string>",
    "os": "<string>"
  }
}
'
{
  "grant_code": "<string>",
  "user_code": "<string>",
  "verification_uri": "<string>",
  "verification_uri_complete": "<string>",
  "expires_in": 123,
  "interval": 123
}

Documentation Index

Fetch the complete documentation index at: https://www.dynamic.xyz/docs/llms.txt

Use this file to discover all available pages before exploring further.

Authorizations

Authorization
string
header
required

Bearer authentication header of the form Bearer <token>, where <token> is your auth token.

Body

application/json

Request body for POST /auth/grant/code. client_type is required so the authorizing user always sees what kind of client they are approving; pass other if no specific category fits.

client_type
enum<string>
required

Type of first-party client being authorized. cli for the dyn CLI, mcp for an MCP server, demo for demo applications oauth-ing into redcoast, ide-plugin for editor extensions, and other as a catch-all.

Available options:
cli,
mcp,
demo,
ide-plugin,
other
client_metadata
object

Optional metadata sent at grant request time so the authorizing user can recognize the client in the management UI. Every field is optional — a CLI may know its hostname, an embedded MCP server may not.

Response

Grant initiated.

Response from POST /auth/grant/code. Returns the long-secret grant_code that only the polling client should ever see, plus a short user_code that the user verifies on the dashboard authorize page.

grant_code
string
required

Long random secret used by the client to poll for the result.

user_code
string
required

Short code shown to the user (XXXX-XXXX, no ambiguous chars).

verification_uri
string<uri>
required

Where the user goes to authorize the request.

verification_uri_complete
string<uri>
required

verification_uri with ?code={user_code} appended.

expires_in
integer
required

Seconds until the grant expires (typically 900 = 15 min).

interval
integer
required

Minimum seconds between polling attempts (typically 5).