# Authentication

## Introduction

### 1. Registering your client application

Before integrating the Petje.af API, you’ll need to register a new OAuth2 application in your Petje.af dashboard.

![Go to "Koppelingen > Apps" for creating a client application](https://3983081690-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-Lh9M5OcufDN8F3i6rFD%2F-LwTzHt6DxPAJJFPpfxl%2F-LwTzKPURBLPSNLZZcg5%2Fimage.png?alt=media\&token=634797c0-508e-416e-a632-795f06bc859c)

### **2. Redirect users to request access**

Redirect users form your application to [the authorize page](https://docs.petje.af/petje.af-api/authentication/authorize) using the necessary scopes. On this page the user can grant authorization to your client application for [the scopes](https://docs.petje.af/petje.af-api/authentication/scopes) you requested.

### 3. Petje.af redirects back to your site

If the user approves your application, Petje.af will redirect them back to your `redirect_uri` with a temporary `code` parameter.

Example of the redirect:

```
GET https://example.com/oauth/callback?code=CODE&state=STATE
```

### 4. **Exchange code for an access token**

After you have received the temporary code, you can exchange it for valid access and refresh tokens using t[he tokens endpoint](https://docs.petje.af/petje.af-api/authentication/tokens).

### 5. Refreshing tokens

Because the Petje.af API issues short-lived access tokens, you will need to refresh access tokens using [the tokens endpoint](https://docs.petje.af/petje.af-api/authentication/tokens) via the refresh token that was provided when the access token was issued.