Skip to main content
POST
/
oauth
/
authorize
/
approve
Approve an OAuth request from the Dev Portal
curl --request POST \
  --url https://mcp.echozero.app/oauth/authorize/approve \
  --header 'Content-Type: application/json' \
  --data '
{
  "response_type": "code",
  "client_id": "echozero-cli",
  "redirect_uri": "http://127.0.0.1:8765/callback",
  "scope": "read:agents read:strategies write:agents",
  "state": "<string>",
  "code_challenge": "<string>",
  "code_challenge_method": "S256"
}
'

Headers

x-signature
string

HMAC-SHA256 signature: HMAC-SHA256(secretKey, timestamp + METHOD + path + body). Optional -- when omitted, HMAC verification is skipped.

x-timestamp
string

Request timestamp in epoch milliseconds. Required when x-signature is provided. Rejected if drift exceeds 5 minutes.

Body

application/json
response_type
string
required
Example:

"code"

client_id
string
required
Example:

"echozero-cli"

redirect_uri
string
required
Example:

"http://127.0.0.1:8765/callback"

scope
string
required

Space-delimited OAuth scopes mapped to MCP API scopes.

Example:

"read:agents read:strategies write:agents"

state
string
required
code_challenge
string
required
code_challenge_method
string
required
Example:

"S256"

access_token
string

User JWT access token for browserless/local flows. Prefer Authorization: Bearer in API clients.

Response

201 - undefined