Authorization Endpoint
Starting point for the OAuth2 flow. The client requests an authorization code by redirecting the user to this endpoint.
Request
Code snippet: URL
GET https://.../oauth/authorize?response_type=code&client_id=...&code_challenge=...&code_challenge_method=S256&redirect_uri=...&scope=...&state=...
Parameters:
- Base Address: the base adress of the OAuth2 Server - see Crew OAuth2 Server Overview
- response_type: requested grant type. Only "code" is supported for this API
- client_id: A unique identification of the client application (package key), which is assigned during application registration
- code_challenge: PKCE code challenge according to RFC7636
- code_challenge_method: PKCE code challenge method according to RFC7636
- redirect_uri: A URI that will be called after the authentication and the authorization steps are done. The client application has to listen to this address, as it will be given the authorization code via this URI.
Important Note: According to the OAuth2 specification, public clients have to register their redirect URI. Therefore you MUST register a Callback URL for your app on the developer portal. If you are using custom URI schemes for your native app then consider our URI rewrite guidelines documented here: Registration of redirect_uri - scope: A scope or scopes requested by the client - typically something like https://cms.fra.dlh.de/publicCrewApi
- state: The state parameter is used by the application to store request-specific data and/or prevent CSRF attacks. The authorization server must return the unmodified state value back to the application.
Note: The "userLang" used to call the backend systems is taken from out of the client "Accept-Language"-Header.
Response
Code snippet: HTTP Header
HTTP/1.1 302 Found
Location: <redirection_uri>?code=...
Example
Code snippet: Get request
GET https://oauth-test.lufthansa.com/lhcrew/oauth/authorize?response_type=code
&redirect_uri=myApp://callback/
&scope=https://cms.fra.dlh.de/privateCabinApiDev
&client_id=123456789012345678901234
&code_challenge=1234567890123456789012345678901234567890123
&code_challenge_method=S256
&state=abc123xyz
Docs Navigation
- Lufthansa Open API
- Getting Started
- Public API Method Details
- Flight Schedules
- Reference Data
- Offers
- Operations
- Flight Schedules
- Flight Status
- Flight Status by Route
- Flight Status at Arrival Airport
- Flight Status at Departure Airport
- Flight Status Response
- Customer Flight Information
- Customer Flight Information at Arrival Airport
- Customer Flight Information by Route
- Customer Flight Information at Departure Airport
- Customer Flight Information Response
- Notifications
- cargo
- Partner API Method Details
- FlightOps/Crew API Method Details