POST /authorize/{id}/status
Check Authorization Status
curl --request POST \
  --url https://api.uip.digital/v1/authorize/{id}/status \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "client_id": "platform_abc123",
  "client_secret": "secret_xyz789"
}
'
{
  "status": "pending",
  "expires_at": "2025-01-11T12:35:00Z"
}
Check the status of an authorization session. This endpoint uses POST instead of GET because it requires client credentials in the request body for platform authentication. Poll this endpoint every 2-3 seconds until the status is completed or expired.

Request

Headers

| Header | Required | Description |
|---|---|---|
| Authorization | Yes | Bearer token with your API key: Bearer YOUR_API_KEY |
| Content-Type | Yes | Must be application/json |

Path Parameters

id (string, required): The session ID returned when creating the authorization session.

Body Parameters

client_id (string, required): The platform’s client ID.
client_secret (string, required): The platform’s client secret.

Response

Pending

{
  "status": "pending",
  "expires_at": "2025-01-11T12:35:00Z"
}

Completed

When the business owner approves, the response includes the delegation token:
{
  "status": "completed",
  "expires_at": "2025-01-11T12:35:00Z",
  "access_token": "uip_at_abc123xyz789..."
}

Expired

{
  "status": "expired",
  "expires_at": "2025-01-11T12:35:00Z"
}

status (string, required): Current authorization session status: pending, completed, or expired
expires_at (string, required): ISO 8601 timestamp when the session expires.
access_token (string): Delegation token with uip_at_ prefix (only present when completed). Use this as a Bearer token to make API calls on behalf of the business.

Example Request

curl -X POST "https://api.uip.digital/v1/authorize/sess_auth_1a2b3c4d/status" \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "client_id": "platform_abc123",
    "client_secret": "secret_xyz789"
  }'

Why POST? Unlike other status endpoints, this endpoint uses POST because the platform credentials are sent in the request body and must be verified on every status check.

Webhook alternative: In addition to polling, UIP sends an authorize.completed webhook when the business owner approves. See Webhooks for details.
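
The polling procedure described above, as an added example that is not UIP's own code: it polls at the documented interval, stops on completed or expired, gives up locally once expires_at has passed, and rejects a completed response whose token lacks the uip_at_ prefix. The names http_post, poll_authorization and redact are hypothetical, and the sleep and clock are injectable so the loop can be exercised without network access.

```python
import json
import time
import urllib.request
from datetime import datetime, timezone

API_BASE = "https://api.uip.digital/v1"  # base URL taken from the curl example

def http_post(session_id, api_key, client_id, client_secret):
    """Hypothetical transport: API key as Bearer token, credentials in the body."""
    req = urllib.request.Request(
        f"{API_BASE}/authorize/{session_id}/status",
        data=json.dumps({"client_id": client_id, "client_secret": client_secret}).encode(),
        headers={"Authorization": f"Bearer {api_key}", "Content-Type": "application/json"},
        method="POST",
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

def poll_authorization(check, interval=2.5, sleep=time.sleep, now=None):
    """Call check() until completed or expired; return the token or None."""
    now = now or (lambda: datetime.now(timezone.utc))
    while True:
        body = check()
        status = body.get("status")
        if status == "completed":
            token = body.get("access_token", "")
            if not token.startswith("uip_at_"):
                raise ValueError("completed response without a uip_at_ token")
            return token
        if status == "expired":
            return None
        if status != "pending":
            raise ValueError(f"unexpected status: {status!r}")
        # Stop locally once expires_at has passed instead of polling forever.
        deadline = datetime.fromisoformat(body["expires_at"].replace("Z", "+00:00"))
        if now() >= deadline:
            return None
        sleep(interval)

def redact(token):
    """Log-safe form: the delegation token is a bearer credential."""
    return token[:7] + "..." if token else "<none>"

# Usage (credentials come from a secret store or environment, never source):
# token = poll_authorization(lambda: http_post(session_id, api_key, cid, secret))
```

At the 2.5 second default this makes 24 requests per minute per session, which stays under the 100/min limit listed under Errors.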

Errors

Possible error codes for this endpoint:
  • auth/missing-api-key - No API key provided
  • auth/invalid-api-key - Invalid API key
  • request/invalid-payload - Missing client credentials
  • resource/not-found - Authorization session not found
  • rate-limit/exceeded - Rate limit exceeded (100/min for authorize)
  • internal/server-error - Failed to retrieve session status

Authorizations

Authorization (string, header, required): Use your UIP API key as a bearer token

Path Parameters

id (string, required): The session_id returned when creating the authorization session

Body

application/json

client_id (string, required): The platform's client ID.

client_secret (string, required): The platform's client secret.

Response

200 - application/json

Authorization session status

status (enum<string>): Authorization session status. Available options: pending, completed, expired

expires_at (string<date-time>): ISO 8601 timestamp when the session expires

access_token (string): Delegation token with uip_at_ prefix (only present when completed)