---
title: "Step 4: Send an authorization request"
description: Use the GET {{authPath}}/{{envID}}/as/authorize operation to send an authorization request to the PingOne authorization server. This step queries the authorization server, and returns the flow ID as the id property in the response. You'll use this flow ID in Step 5 to start the sign-on flow and submit your test user's credentials.
component: pingone-api
page_id: pingone-api:getting-started:simple-sso-workflow/step-4-send-an-authorization-request
canonical_url: https://developer.pingidentity.com/pingone-api/getting-started/simple-sso-workflow/step-4-send-an-authorization-request.html
section_ids:
  troubleshooting: Troubleshooting
  example-request: Example Request
  example-response: Example Response
---

# Step 4: Send an authorization request

##

```none
GET {{authPath}}/{{envID}}/as/authorize?response_type=code&client_id={{sharedWebAppID}}&redirect_uri=http://localhost:3000/callback&scope=openid&response_mode=pi.flow
```

Use the `GET {{authPath}}/{{envID}}/as/authorize` operation to send an authorization request to the PingOne authorization server. This step queries the authorization server, and returns the flow ID as the `id` property in the response. You'll use this flow ID in Step 5 to start the sign-on flow and submit your test user's credentials.

In this request:

* `{{authPath}}` is the geographic domain to use for authentication and authorization for your PingOne environment. The PingOne top-level domain is `https://auth.pingone.com/` for the U.S. Refer to [PingOne API domains](../../before-you-begin/introduction.html#pingone-api-domains) for the top-level domains for other regions.

* `{{envID}}` is the environment ID for the environment you created in the prior workflow to create your test environment.

These request query parameters are required:

* `response_type` needs a value of `code` to correspond to the `responseTypes` value you set when creating the Web application in a prior step.

* `client_id` is the application ID returned when you created the Web application in a prior step. This is represented by the value of the `{{solutionAppID}}` Postman variable written automatically to your Postman environment.

* `redirect_uri` is one of the redirect URIs that you set when you created the Web application in a prior step.

* `response_mode` when set to `pi.flow`, it directs the authorization server to return a JSON response instead of a redirect.

* `scope` needs to be the OpenID Connect (OIDC) `openid` user claim that will be included in the token.

When successful, the request returns JSON that includes a flow ID and a `status` property to specify the next action in the sign-on flow. In this case, the flow status returns `USERNAME_PASSWORD_REQUIRED`.

### Troubleshooting

* Verify that `{{envID}}` is the ID for the new test environment you created.

* Verify that you've set the variables used in the request body correctly.

* Verify that `{{authPath}}` is correct for your geographic domain .

##

### Example Request

* cURL

* C#

* Go

* HTTP

* Java

* jQuery

* NodeJS

* Python

* PHP

* Ruby

* Swift

```shell
curl --location --globoff '{{authPath}}/{{envID}}/as/authorize?response_type=code&client_id={{sharedWebAppID}}&redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Fcallback&scope=openid&response_mode=pi.flow'
```

```csharp
var options = new RestClientOptions("{{authPath}}/{{envID}}/as/authorize?response_type=code&client_id={{sharedWebAppID}}&redirect_uri=http://localhost:3000/callback&scope=openid&response_mode=pi.flow")
{
  MaxTimeout = -1,
};
var client = new RestClient(options);
var request = new RestRequest("", Method.Get);
RestResponse response = await client.ExecuteAsync(request);
Console.WriteLine(response.Content);
```

```golang
package main

import (
  "fmt"
  "net/http"
  "io"
)

func main() {

  url := "{{authPath}}/{{envID}}/as/authorize?response_type=code&client_id={{sharedWebAppID}}&redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Fcallback&scope=openid&response_mode=pi.flow"
  method := "GET"

  client := &http.Client {
  }
  req, err := http.NewRequest(method, url, nil)

  if err != nil {
    fmt.Println(err)
    return
  }
  res, err := client.Do(req)
  if err != nil {
    fmt.Println(err)
    return
  }
  defer res.Body.Close()

  body, err := io.ReadAll(res.Body)
  if err != nil {
    fmt.Println(err)
    return
  }
  fmt.Println(string(body))
}
```

```http
GET /{{envID}}/as/authorize?response_type=code&client_id={{sharedWebAppID}}&redirect_uri=http://localhost:3000/callback&scope=openid&response_mode=pi.flow HTTP/1.1
Host: {{authPath}}
```

```java
OkHttpClient client = new OkHttpClient().newBuilder()
  .build();
MediaType mediaType = MediaType.parse("text/plain");
RequestBody body = RequestBody.create(mediaType, "");
Request request = new Request.Builder()
  .url("{{authPath}}/{{envID}}/as/authorize?response_type=code&client_id={{sharedWebAppID}}&redirect_uri=http://localhost:3000/callback&scope=openid&response_mode=pi.flow")
  .method("GET", body)
  .build();
Response response = client.newCall(request).execute();
```

```javascript
var settings = {
  "url": "{{authPath}}/{{envID}}/as/authorize?response_type=code&client_id={{sharedWebAppID}}&redirect_uri=http://localhost:3000/callback&scope=openid&response_mode=pi.flow",
  "method": "GET",
  "timeout": 0,
};

$.ajax(settings).done(function (response) {
  console.log(response);
});
```

```javascript
var request = require('request');
var options = {
  'method': 'GET',
  'url': '{{authPath}}/{{envID}}/as/authorize?response_type=code&client_id={{sharedWebAppID}}&redirect_uri=http://localhost:3000/callback&scope=openid&response_mode=pi.flow',
  'headers': {
  }
};
request(options, function (error, response) {
  if (error) throw new Error(error);
  console.log(response.body);
});
```

```python
import requests

url = "{{authPath}}/{{envID}}/as/authorize?response_type=code&client_id={{sharedWebAppID}}&redirect_uri=http://localhost:3000/callback&scope=openid&response_mode=pi.flow"

payload = {}
headers = {}

response = requests.request("GET", url, headers=headers, data=payload)

print(response.text)
```

```php
<?php
require_once 'HTTP/Request2.php';
$request = new HTTP_Request2();
$request->setUrl('{{authPath}}/{{envID}}/as/authorize?response_type=code&client_id={{sharedWebAppID}}&redirect_uri=http://localhost:3000/callback&scope=openid&response_mode=pi.flow');
$request->setMethod(HTTP_Request2::METHOD_GET);
$request->setConfig(array(
  'follow_redirects' => TRUE
));
try {
  $response = $request->send();
  if ($response->getStatus() == 200) {
    echo $response->getBody();
  }
  else {
    echo 'Unexpected HTTP status: ' . $response->getStatus() . ' ' .
    $response->getReasonPhrase();
  }
}
catch(HTTP_Request2_Exception $e) {
  echo 'Error: ' . $e->getMessage();
}
```

```ruby
require "uri"
require "net/http"

url = URI("{{authPath}}/{{envID}}/as/authorize?response_type=code&client_id={{sharedWebAppID}}&redirect_uri=http://localhost:3000/callback&scope=openid&response_mode=pi.flow")

http = Net::HTTP.new(url.host, url.port);
request = Net::HTTP::Get.new(url)

response = http.request(request)
puts response.read_body
```

```swift
var request = URLRequest(url: URL(string: "{{authPath}}/{{envID}}/as/authorize?response_type=code&client_id={{sharedWebAppID}}&redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Fcallback&scope=openid&response_mode=pi.flow")!,timeoutInterval: Double.infinity)
request.httpMethod = "GET"

let task = URLSession.shared.dataTask(with: request) { data, response, error in
  guard let data = data else {
    print(String(describing: error))
    return
  }
  print(String(data: data, encoding: .utf8)!)
}

task.resume()
```

### Example Response

200 OK

```json
{
    "_links": {
        "usernamePassword.check": {
            "href": "https://auth.pingone.com/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/flows/03c69293-8ec6-4f4a-a60f-535eae4b7520"
        },
        "password.forgot": {
            "href": "https://auth.pingone.com/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/flows/03c69293-8ec6-4f4a-a60f-535eae4b7520"
        },
        "self": {
            "href": "https://auth.pingone.com/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/flows/03c69293-8ec6-4f4a-a60f-535eae4b7520"
        },
        "signOnPage": {
            "href": "https://apps.pingone.com/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/signon/?flowId=03c69293-8ec6-4f4a-a60f-535eae4b7520"
        }
    },
    "_embedded": {
        "application": {
            "name": "SolutionApp_1768234372"
        }
    },
    "id": "03c69293-8ec6-4f4a-a60f-535eae4b7520",
    "environment": {
        "id": "abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6"
    },
    "resumeUrl": "https://auth.pingone.com/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/as/resume?flowId=03c69293-8ec6-4f4a-a60f-535eae4b7520",
    "status": "USERNAME_PASSWORD_REQUIRED",
    "createdAt": "2026-01-16T17:38:05.995Z",
    "expiresAt": "2026-01-16T17:53:05.996Z"
}
```