Authorize User

Redirect the user to this URL in their browser to start the OAuth 2.0 flow. The user logs in, sees a consent screen, and authorizes your app. Panda IDX then redirects back to your redirect_uri with a one-time authorization code. No access token or client_secret needed — this is a browser redirect, not a server call.

GET/authorize

Authentication

OAuthAuthorization: Bearer

No authentication required. This is a browser redirect URL.

Query Parameters

client_idstring

required

From Partner Account → Manage Apps → View Credentials

redirect_uristring

required

Must match a URI registered in your OAuth App settings

scopestring

required

Comma-separated: listings, contacts, analytics

statestring

optional

Opaque value for CSRF protection (returned unchanged in callback)

Response

302 Redirect → Your Callback

After the user authorizes, Panda IDX redirects their browser to your callback URL with the authorization code:

{{redirect_uri}}?code=AUTHORIZATION_CODE&state={{state}}

codeOne-time authorization code (expires in 10 min). Exchange it for tokens via the Token Exchange endpoint.

stateSame value you sent — verify it matches to prevent CSRF attacks.

Request

# Build the URL and send it to the user
# (via WhatsApp, email, or redirect in browser)

AUTH_URL="https://api.pandaidx.com/authorize?\
client_id={{client_id}}&\
redirect_uri={{redirect_uri}}&\
scope=listings,contacts,analytics&\
state={{state}}"

echo $AUTH_URL

Response302 Redirect

https://your-app.com/callback?code=8f3a2b1c9d4e5f6a7b8c9d0e1f2a3b4c5d6e7f8a9b0c1d2e3f4a5b6c7d8e9f0a&state=whatsapp:+13051234567