Skip to content
Evershell Docs

Start the OAuth consent flow

POST
/credentials/{id}/oauth/start
 
curl --request POST \
  --url https://your-org.evershell.ai/v1/credentials/example/oauth/start \
  --header 'Authorization: Bearer <token>'

Permissions: auth:write or auth:write:own — Members with :own can start the consent flow for their own personal AC credential; targeting another user’s row is rejected.

For Authorization Code credentials. Generates the provider’s authorize URL + state cookie pair. The browser navigates there, the user grants consent, the provider redirects to /oauth/callback which exchanges the code for the refresh token and flips the credential to active.

Authorizations

Section titled “Authorizations ”

Parameters

Section titled “ Parameters ”

Path Parameters

Section titled “Path Parameters ”
id
required
string

Responses

Section titled “ Responses ”

200

Section titled “200 ”

OK

Media type application/json
object
auth_url
required

Provider authorize URL with state, client_id, scope, and redirect_uri params populated.

string format: uri
Example generated
{
  "auth_url": "https://example.com"
}

400

Section titled “400 ”

Validation failure

Media type application/json
object
error
required
object
code
required

Closed-enum slug (e.g. permission_denied, validation_error, workspace_not_found)

string
message
required

Human-readable summary

string
request_id
required

Server-generated request id for correlating logs

string
details

Optional structured context. Validation errors land at details.fields as a per-field map.

object
key
additional properties
any
Example 
{
  "error": {
    "code": "permission_denied",
    "message": "caller lacks required scope",
    "request_id": "7f3a9c2e"
  }
}

404

Section titled “404 ”

Resource not found in the caller’s org

Media type application/json
object
error
required
object
code
required

Closed-enum slug (e.g. permission_denied, validation_error, workspace_not_found)

string
message
required

Human-readable summary

string
request_id
required

Server-generated request id for correlating logs

string
details

Optional structured context. Validation errors land at details.fields as a per-field map.

object
key
additional properties
any
Example 
{
  "error": {
    "code": "permission_denied",
    "message": "caller lacks required scope",
    "request_id": "7f3a9c2e"
  }
}

423

Section titled “423 ”

Tenant is past_due, decommissioning, or trial-expired

Media type application/json
object
error
required
object
code
required

Closed-enum slug (e.g. permission_denied, validation_error, workspace_not_found)

string
message
required

Human-readable summary

string
request_id
required

Server-generated request id for correlating logs

string
details

Optional structured context. Validation errors land at details.fields as a per-field map.

object
key
additional properties
any
Example 
{
  "error": {
    "code": "permission_denied",
    "message": "caller lacks required scope",
    "request_id": "7f3a9c2e"
  }
}

503

Section titled “503 ”

OAuth subsystem unavailable.

Media type application/json
object
error
required
object
code
required

Closed-enum slug (e.g. permission_denied, validation_error, workspace_not_found)

string
message
required

Human-readable summary

string
request_id
required

Server-generated request id for correlating logs

string
details

Optional structured context. Validation errors land at details.fields as a per-field map.

object
key
additional properties
any
Example 
{
  "error": {
    "code": "permission_denied",
    "message": "caller lacks required scope",
    "request_id": "7f3a9c2e"
  }
}