# Authentication

## Requisites

Before you can interact with Securitize iD APIs, request from Customer Success team the following information:

* **issuerID or DomainID**: this is the ID which identifies your unique Domain.
* **OAuthsecret:** this is the OAuth secret.
* **Base URL:** where to connect to Securitize iD (Sandbox or Production environments).

You will have to provide a **redirectURL** to a server where your logic is running. This URL has to be **whitelisted** by Securite. You can find more information of how to perform the process [here](https://sec-connect-api-docs.securitize.io/whitelisting/whitelisting-redirected-urls). 

In order to integrate Securitize iD as an authentication procedure, you will just have to add a Log in with Securitize iD button to your log in/registration page. That button will provide a link to initiate the OAuth process so the user can login and carry out the verification steps.

![Securitize iD Log in button](https://3089939358-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-M0s5hDBimB3LTc-VvjT%2F-M8p1KKk9KTAhtHkG9PW%2F-M8p1g-neVqd4-gSEOrg%2Flogin%20SiD.png?alt=media\&token=490e102a-b6c0-4dbe-9a2c-5acd8c50f4f0)

## The initial flow

![](https://3089939358-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-M0s5hDBimB3LTc-VvjT%2F-Mdpc8GWQG_26YmG-NMl%2F-MdpdasK6tQX3RjNE5BF%2FinitialFlow.png?alt=media\&token=e6c68d57-a955-49b5-a1d8-1869491f5b6e)

## Initiating the OAuth process

To initiate the authentication process simply redirect the user to:

{% tabs %}
{% tab title="URL" %}

```http
https://id.securitize.io/#/authorize?issuerId=[CLIENT_ID]&scope=[SCOPE]&redirecturl=[REDIRECT_URL]
```

{% endtab %}
{% endtabs %}

| Parameter     | Description                                                                                              |
| ------------- | -------------------------------------------------------------------------------------------------------- |
| CLIENT\_ID    | Your application client id provided by Securitize                                                        |
| SCOPE         | Scope of data access (we currently only support `info details verification)`                             |
| REDIRECT\_URL | The url to redirect after investor signs the data share agreement. MUST be list in `redirectUrls` array. |

### Example:

{% tabs %}
{% tab title="URL Call" %}

```
https://id.securitize.io/#/authorize?issuerId=123e4567-e89b&scope=info%20details%20verification&redirecturl=https://dashboard.securitize.io/authorization
```

{% endtab %}

{% tab title="HTML" %}

```markup
<body>
 <div id="SecuritizeID">
 </div>
</body>
```

{% endtab %}

{% tab title="JavaScript" %}

```javascript
function showSecuritizeIDLogInLogo() {
   var baseUrl     = "STRING";
   var issuerID    = "STRING";
   var scope       = "info details verification";
   var redirecturl = "URL"

   var securitizeID = document.getElementById("SecuritizeID");
   var link = document.createElement("a");
   var logo = document.createElement("img");

   var href = baseUrl + "#/authorize" + "?issuerId=" 
              + issuerID + "&scope=" + scope + "&redirecturl=" + redirecturl;
   logo.src = "./images/securitizeID.png";
   link.href = href;
   link.appendChild(logo);
   securitizeID.appendChild(link);
 }
```

{% endtab %}
{% endtabs %}

## Working with OAuth response

If the process was successful we will return the following data added to your redirect url

```http
https://REDICT_URL?code=40cba031-8fd2-4a88-89ff-36e07e5e060b&country=US&authorized=true
```

| Parameter  | Description                                                                                                                                                                               |
| ---------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| code       | Authorisation code used to get the user access token. (Code will expire after 5 minutes)                                                                                                  |
| country    | Securitize iD Investor country                                                                                                                                                            |
| authorized | Returns `true` if investor was authorized on with your Application in the past. NOTE: does not return if its the first time investor is going through OAuth process with your application |

### Example:

This JavaScript snippet captures the query string of the redirected URL:

```javascript
 function captureTOKEN() {
   const queryString = window.location.search;
   const urlParams   = new URLSearchParams(queryString);
   const code        = urlParams.get("code");
   const country     = urlParams.get("country");
   const authorized  = urlParams.get("authorized");
   console.log(code, country, authorized);
   if (authorized == "true") {
     // User has signed-up and has a SecuritizeID
   }
 }
```