> ## Documentation Index > Fetch the complete documentation index at: https://www.dynamic.xyz/docs/llms.txt > Use this file to discover all available pages before exploring further. # Read public-safe metadata about a pending grant > Used by the dashboard authorize page to render `Authorize {clientName}?` before the user clicks Approve. Requires the dashboard user to be authenticated. Does NOT return the `grant_code` — only the metadata that's safe to display in a logged-in browser. ## OpenAPI ````yaml https://app.dynamic.xyz/api-docs/public-api.yaml get /auth/grant/peek openapi: 3.0.1 info: title: Dashboard API description: Dashboard API documentation version: 1.0.0 servers: - url: https://app.dynamicauth.com/api/v0 - url: https://app.dynamic.xyz/api/v0 - url: http://localhost:3333/api/v0 security: [] tags: - name: Analytics description: Query usage analytics and event counts for your environment. - name: SDK description: SDK-facing endpoints consumed by embedded Dynamic clients. - name: Organizations description: >- Manage organizations — the top-level container for all environments and projects. - name: Projects description: Manage projects that group related environments under an organization. - name: Environments description: >- Manage environments (live and sandbox) where your authentication configuration lives. - name: Users description: List, search, and manage authenticated users within an environment. - name: Invites description: >- Manage invitation links that grant specific external users access to your environment. - name: Tokens description: >- Create and manage API tokens used to authenticate requests to the Dynamic API. - name: Origins description: >- Configure allowed origins (CORS) for SDK and API access to your environment. - name: Allowlists description: >- Manage allowlists to control which wallet addresses or email addresses can access your environment. - name: Wallets description: View and manage wallets linked to users in your environment. - name: Members description: Manage team members and their roles within an organization. - name: Sessions description: View and revoke active user sessions within an environment. - name: Settings description: Read and update environment-level configuration settings. - name: Exchanges description: >- Configure exchange integrations (Coinbase, Binance, etc.) for fiat on-ramp within your environment. - name: Providers description: >- List, enable, disable, and configure authentication providers (OAuth, email, wallet, SMS, etc.) for your environment. - name: Captcha description: >- Configure captcha verification (provider, site key, secret key) for your environment. - name: Gates description: >- Define access gates that restrict environment entry to users who meet specific criteria. - name: Chains description: >- Manage the blockchain networks available for wallet connection in your environment. - name: Exports description: Export user and wallet data from your environment as downloadable files. - name: Events description: Browse the event log of actions performed within your environment. - name: Webhooks description: >- Create and manage webhooks to receive real-time events (user.created, wallet.linked, etc.) at your endpoint. - name: Custom Fields description: >- Define and manage custom metadata fields collected from users at sign-up or login. - name: MfaSettings description: >- Configure multi-factor authentication (MFA) policies for your organization. - name: Mfa description: Manage MFA enrollment and verification for individual users. - name: CustomHostnames description: >- Configure custom hostnames for white-labeling the Dynamic authentication experience. - name: TestAccount description: >- Manage test accounts used for automated testing and QA within an environment. - name: NameServices description: >- Configure name service integrations (ENS, Unstoppable Domains, etc.) for human-readable wallet addresses. - name: GlobalWallets description: >- Manage global wallets shared across multiple environments in an organization. - name: GlobalWalletConnections description: Configure which environments can access and use global wallets. - name: GlobalWalletAccessControl description: Control which users and roles can access and operate global wallets. - name: UserApiTokens description: >- Create and manage user-scoped API tokens for programmatic access on behalf of a user. - name: Waas description: Wallet-as-a-Service endpoints for creating and managing embedded wallets. - name: WalletConnect description: Configure WalletConnect integration settings for your environment. - name: Checkout description: >- Accept crypto payments and deposits from any wallet. Settle in any token you choose. - name: Flow description: >- Accept crypto payments, deposits, and withdrawals. Amount and destination are fixed server-side at create; the post-create lifecycle is driven with a capability session token. - name: Custom Networks description: >- Add and manage custom EVM-compatible networks beyond the built-in chain list. - name: Chainalysis description: >- Configure Chainalysis integration for blockchain address screening and risk assessment. - name: Visits description: Track and query user visit activity within your environment. - name: ExternalJwt description: >- Configure external JWT providers so existing auth tokens can be used with Dynamic. - name: SDK Views description: >- Manage SDK view configurations that customize the appearance of Dynamic modals and flows. - name: DeeplinkUrls description: Configure deep link URLs for mobile app integration with the Dynamic SDK. - name: OrganizationSettings description: >- Read and update organization-level settings such as approval workflow configuration. - name: AdminActions description: >- Manage admin action requests that require approval from another administrator. - name: ClientGrant description: | OAuth 2.0 Device Authorization Grant flow (RFC 8628) used by first-party Dynamic clients (CLI, MCP server, demo apps, IDE plugins) to obtain a revocable, 30-day client JWT without ever seeing the user's dashboard session token. - name: AuthorizedClients description: | Manage first-party clients (CLI / MCP / demo / IDE plugins) authorized to act as a dashboard user. Surfaced under Profile → Authorized Clients. paths: /auth/grant/peek: get: tags: - ClientGrant summary: Read public-safe metadata about a pending grant description: | Used by the dashboard authorize page to render `Authorize {clientName}?` before the user clicks Approve. Requires the dashboard user to be authenticated. Does NOT return the `grant_code` — only the metadata that's safe to display in a logged-in browser. operationId: peekGrant parameters: - in: query name: user_code required: true schema: type: string description: The user_code from the URL `?code=` query param. responses: '200': description: Grant metadata. content: application/json: schema: $ref: '#/components/schemas/GrantPeekResponse' '401': $ref: '#/components/responses/Unauthorized' '404': description: Unknown or expired user_code. '500': $ref: '#/components/responses/InternalServerError' components: schemas: GrantPeekResponse: description: > Response from `GET /auth/grant/peek?user_code=...`. Used by the dashboard authorize page to render `Authorize {clientName}?` before the user clicks Approve. Does NOT return the grant_code — only the public-safe metadata. type: object required: - client_type properties: client_type: $ref: '#/components/schemas/ClientTypeEnum' client_metadata: $ref: '#/components/schemas/ClientMetadata' requester_location: description: | CF-geolocated `city, region, country` of the `/auth/grant/code` requester. Omitted off-edge (preview / local). type: string maxLength: 256 approver_location: description: | CF-geolocated `city, region, country` of the dashboard user viewing the consent screen. Omitted off-edge. type: string maxLength: 256 country_mismatch: description: | `true` when both `cf-ipcountry` values are known and differ. Omitted (not `false`) when either country is unknown — callers must treat omitted as "do not warn". type: boolean ClientTypeEnum: description: > Type of first-party client being authorized. `cli` for the dyn CLI, `mcp` for an MCP server, `demo` for demo applications oauth-ing into redcoast, `ide-plugin` for editor extensions, and `other` as a catch-all. type: string enum: - cli - mcp - demo - ide-plugin - other ClientMetadata: description: | Optional metadata sent at grant request time so the authorizing user can recognize the client in the management UI. Every field is optional — a CLI may know its hostname, an embedded MCP server may not. type: object properties: name: description: Package or product name. e.g. `@dynamic-labs/dynamic-cli` type: string maxLength: 255 version: description: Semver-compatible version string. e.g. `0.4.2` type: string maxLength: 64 hostname: description: Machine hostname where the client is running. e.g. `my-laptop` type: string maxLength: 255 os: description: | Operating system identifier as reported by the client. Typical values: `darwin`, `linux`, `win32`. type: string maxLength: 64 Unauthorized: type: object properties: error: description: Human-readable error message describing the authentication failure type: string example: No jwt provided! InternalServerError: type: object properties: error: description: Human-readable error message type: string example: Internal Server Error responses: Unauthorized: description: Unauthorized content: application/json: schema: $ref: '#/components/schemas/Unauthorized' InternalServerError: description: Internal Server Error content: application/json: schema: $ref: '#/components/schemas/InternalServerError' ````