> Part of [WHCC Developer Documentation](https://www.whcc.com/developer/llms.txt) # OAuth Login Flow This flow allows your application to get secured access to create orders on behalf of a WHCC account, without having access to the specific WHCC account numbers and passwords. > The majority of Order Submit API integrations do not need this type of integration, instead using the simpler [`/api/AccessToken`](https://www.whcc.com/developer/docs/order-submit-api/request-access-token/index.html.md) endpoint for authentication. ## Requirements Each API call requires an access token to be passed along for authentication purposes. Using the OAuth flow you will use an access token and refresh token to make authenticated requests against a particular WHCC account. > This flow requires special permissions and additional documentation on proper use. ## GET `/oauth` Content-type: application/json ## curl ### Example Request ```shell curl https://login.whcc.com/oauth \ -d consumer_key=B431BE78D2E9FFFE3709 \ -d consumer_secret=RkZGRTM3MDk= \ -d response_type=request_url \ -d callback_url=https://webhook.site/e0cbfb89-d66b-4fc1-b25f-d42aa8908101?sessionID=1234567890 \ -X GET ``` ### Example Response ```json { "LoginURL": "https://login.whcc.com/Login.aspx", "SessionID": "4153bade88dd70d2bdef980209989dd9", "RedirectURI": "https://login.whcc.com/Login.aspx?4153bade88dd70d2bdef980209989dd9" } ``` You should redirect the user to the `RedirectURI` URL. Once the user has successfully logged in, they will be redirected to the `callback_url` passed in the original request, with an additional URL parameter of `whData` added. ```shell https://webhook.site/e0cbfb89-d66b-4fc1-b25f-d42aa8908101?sessionID=1234567890&whData=%7B%22client_id%22%3A10072%2C%22callback_url%22%3A%22https%3A%2F%2Fwebhook.site%2Fe0cbfb89-d66b-4fc1-b25f-d42aa8908101%22%2C%22token%22%3A%22f5961220db4950744f69331954efb553%22%2C%22studio%22%3A%22CH%20Studio%22%2C%22attention%22%3A%22Chris%20Hanline%22%2C%22addr%22%3A%222840%20Lone%20Oak%20Parkway%22%2C%22addr2%22%3A%22%22%2C%22addr3%22%3A%22%22%2C%22city%22%3A%22Eagan%22%2C%22state%22%3A%22MN%22%2C%22zip%22%3A%2255121%22%2C%22country%22%3A%22US%22%2C%22email%22%3A%22bizdev%40whcc.com%22%2C%22phone%22%3A%22651-646-8263%22%7D ``` ### whData JSON ```json { "client_id": 10072, "callback_url": "https://webhook.site/e0cbfb89-d66b-4fc1-b25f-d42aa8908101", "token": "f5961220db4950744f69331954efb553", "studio": "CH Studio", "attention": "Chris Hanline", "addr": "2840 Lone Oak Parkway", "addr2": "", "addr3": "", "city": "Eagan", "state": "MN", "zip": "55121", "country": "US", "email": "bizdev@whcc.com", "phone": "651-646-8263" } ``` If the user clicks cancel on the login page, we will redirect to your `callback_url` with the following parameters: ```shell https://webhook.site/e0cbfb89-d66b-4fc1-b25f-d42aa8908101?sessionID=1234567890&error=access_denied&error_reason=user_denied&error_description=The+user+denied+your+request ``` > ## What's Next > > Explore the [Product Catalog](https://www.whcc.com/developer/docs/order-submit-api/product-catalog/index.html.md)