Authorization Request

REST APIs Common OAuthAuthorization Request

Authorization Request

GEThttps://exchange.gemini.com/auth

The OAuth 2.0 authorization code grant flow involves the user being directed to an authorization server which returns an authorization code that may then be exchanged for access and refresh tokens. Access tokens are short-lived (24 hour expiration) and are used as authentication against Gemini APIs, while refresh tokens never expire and are used to regenerate access tokens. Users should first be redirected to Gemini to authorize access to your application. The user will be prompted to login using a Gemini OAuth window.

GETauth

curl --request GET \
  --url 'https://exchange.gemini.com/auth?client_id=my_id&response_type=code&redirect_uri=www.example.com%2Fredirect&state=82350325&scope=balances%3Aread%2Corders%3Acreate'

URL Parameters

client_idstring·required

Unique ID of your application. This is provided in your API settings.

response_typestring·required

The literal string "code".Example: code

redirect_uristring·required

The URL users should be returned to after they authorize. This URL must be included in your list of approved redirect URIs in your app registration.

statestring·required

A random string that will be returned to you in the response. You should verify this matches the value you sent before trusting the response.

scopestring·required

A comma-separated list of OAuth scopes corresponding to the access you are requesting. These scopes must be included in your list of scopes in your app registration.

Responses

Redirect to redirect_uri with authorization code and state

codestring

A temporary authorization code to be exchanged for access and refresh tokens.

statestring

The state value you provided in the request. Verify this matches before trusting the response.

PreviousOAuth NextGet Access Token

Last modified on May 5, 2026