Request Service Account Authorization

Required plan: Growth

Description

Before an Enterprise Connect account can access the calendars of a domain, it must be authorized by an administrator of that domain.

Example Request

https://app.cronofy.com/enterprise_connect/oauth/authorize
    ?response_type=code
    &client_id={CLIENT_ID}
    &redirect_uri={REDIRECT_URI}
    &scope={SCOPE}
    &delegated_scope={DELEGATED_SCOPE}
    &state={STATE}

Note that the URL for this method differs from that used when authorizing an individual calendar account.

Scopes

The scope of the privileges you want the Enterprise Connect account to be granted. At least one of the following scopes must be requested:

  • service_account/accounts/manage to allow authorization of accounts
  • service_account/accounts/unrestricted_access to allow elevation of access for accounts
  • service_account/resources/manage to allow authorization of resources
  • service_account/resources/unrestricted_access to allow elevation of access for resources

Multiple scopes can be granted if separated with a space:

&scope=service_account/accounts/unrestricted_access service_account/resources/manage

Delegated scopes

The scope of the privileges that can be granted when requesting access to users and resources. Examples include:

  • read_only
  • write_only
  • read_write
  • free_busy
  • free_busy_write

See the full scope list and documentation for more information.

Response URL parameters

You will not receive a direct response to your authorization request. Instead, the administrator will be redirected to the redirect_uri with additional query string parameters.

The responses are fully specified in section 4.1.2 of RFC 6749.

Successful response

code

A short-lived, single-use code to be used to make an Access Token Request.

Always a 32-character string of ASCII characters.

state

The value you passed for the state within the authorization request.

Error response

error

A single ASCII error code. The complete list is in section 4.1.2.1 of RFC 6749; these are the most commonly encountered:

  • access_denied: the administrator declined your request
  • unsupported_response_type: your request’s response_type was not code
  • invalid_scope: no valid scopes were specified in your request’s scope