> ## Documentation Index
> Fetch the complete documentation index at: https://docs.panderra.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Oauth Authorize Post

> Consent-allow submit.

Same query parameters as the GET; the consent UI forwards them
verbatim. Cookie-bound to the OAuth session, so anonymous POSTs
are 401'd up-front.

Response is JSON `{ redirect_to }` instead of a 302 because the
caller is a `fetch()` from the consent UI — we want the UI to
perform `window.location.href = ...` itself rather than have
fetch follow the redirect (and lose its cookie context).



## OpenAPI

````yaml /api-reference/openapi.json post /oauth/authorize
openapi: 3.1.0
info:
  title: Big Panda — Public API
  description: >-
    Externe REST-API für Connector-Plugins (JTL, Shopware), n8n-Integrationen
    und Custom-Clients. Tenant-Routing über Subdomain, Auth über Bearer-Token.
  version: 0.1.0
servers:
  - url: https://{tenant}.app.big-panda.ai
    description: Big Panda — Tenant-Subdomain. Ersetze {tenant} durch deinen Tenant-Slug.
    variables:
      tenant:
        default: demo
        description: Dein Big-Panda-Tenant-Slug (z.B. 'acme').
security:
  - BearerAuth: []
tags:
  - name: Products
  - name: Knowledge Entries
  - name: Categories
  - name: Sites
  - name: Search
  - name: OAuth
    description: >-
      OAuth-2.1-Authentifizierung — Discovery, Dynamic Client Registration,
      Authorize, Token, Revoke.
paths:
  /oauth/authorize:
    post:
      tags:
        - OAuth
      summary: Oauth Authorize Post
      description: |-
        Consent-allow submit.

        Same query parameters as the GET; the consent UI forwards them
        verbatim. Cookie-bound to the OAuth session, so anonymous POSTs
        are 401'd up-front.

        Response is JSON `{ redirect_to }` instead of a 302 because the
        caller is a `fetch()` from the consent UI — we want the UI to
        perform `window.location.href = ...` itself rather than have
        fetch follow the redirect (and lose its cookie context).
      operationId: oauth_authorize_post_oauth_authorize_post
      parameters: []
      responses:
        '200':
          description: Successful Response
          content:
            application/json:
              schema: {}
components:
  securitySchemes:
    BearerAuth:
      type: http
      scheme: bearer
      description: >-
        API-Token aus dem Big-Panda-Admin-UI unter Einstellungen → API-Keys.
        Header: `Authorization: Bearer <token>`.

````