Zeq Auth — PKCE Cross-Domain
Cross-domain PKCE OAuth flow for third-party apps. 'Sign in with Zeq' — apps get a scoped token without ever seeing the equation.
| Endpoint | POST /api/auth/pkce/authorize |
| Auth | none |
| Rate limit | 10/min |
| Category | identity |
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
clientId | string | Yes | Registered app client ID. |
codeChallenge | string | Yes | PKCE code challenge (SHA-256, base64url). |
scope | string | No | Requested scopes (e.g. 'identity vault:read'). Default: 'identity'. |
redirectUri | string | Yes | Callback URL. |
Returns
{ authorizationCode, expiresIn, redirectUri }
Example
curl -sS -X POST \
-H "Content-Type: application/json" \
-d '{
"clientId": "<clientId>",
"codeChallenge": "<codeChallenge>",
"scope": "<scope>",
"redirectUri": "<redirectUri>"
}' \
"https://zeqsdk.com/api/auth/pkce/authorize"
This protocol is a named building block — one of the operations you
compose inside a state contract. Call it directly with
the request above, or invoke it from a contract that fires on your machine's
clock. Browse the whole library at GET /api/protocols; fetch this one at
GET /api/protocols/zeq-auth-pkce.