> ## Documentation Index
> Fetch the complete documentation index at: https://docs.scalev.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Get OAuth authorization server metadata

> Public OAuth metadata endpoint. Advertises only `/v3` OAuth endpoints, dynamic client registration, Client ID Metadata Documents, PKCE, and supported global machine scopes.



## OpenAPI

````yaml https://api-openapi.scalev.com/specs/v3/openapi.json get /v3/oauth/.well-known/oauth-authorization-server
openapi: 3.0.3
info:
  title: Nexus Commerce API
  version: 3.0.0
  description: >
    Public v3 commerce contract for storefront, customer, and authenticated
    business

    commerce flows.


    This specification intentionally documents only the `/v3` namespace.

    Store-derived public storefront routes under
    `/v3/stores/{store_id}/public/*` require `X-Scalev-Storefront-Api-Key`.

    HTML Mode public page runtime routes under `/v3/pages/{page_unique_id}/*`
    require `X-Scalev-Page-Api-Key` and do not accept storefront public API
    keys.

    Storefront API requests made with `X-Scalev-Storefront-Api-Key`, page
    runtime requests made with `X-Scalev-Page-Api-Key`, and guest-cart requests
    made with `X-Scalev-Guest-Token` are browser client requests and use the
    direct client/IP rate limiter. Machine-authenticated business requests are
    rate-limited per API key or OAuth installation. Rate-limit metadata is
    returned in `X-Ratelimit-*` headers, and `429` responses may be plain text.
  license:
    name: Proprietary
servers:
  - url: https://api.scalev.com
    description: Production
security: []
tags:
  - name: Orders
    description: Authenticated business order management endpoints.
  - name: Storefront
    description: >-
      Public storefront catalog, guest cart, and guest checkout flows. All
      store-derived public storefront routes require
      `X-Scalev-Storefront-Api-Key`.
  - name: HTML Mode Pages
    description: >-
      Public HTML Mode runtime endpoints. These routes require
      `X-Scalev-Page-Api-Key` for the path page and reject storefront public API
      keys.
  - name: OAuth
    description: >-
      Public and machine OAuth token-management endpoints. The authorization
      code flow accepts the standard `scope` parameter; public OAuth clients may
      use PKCE with `token_endpoint_auth_method=none`, and metadata document
      clients may use `private_key_jwt`.
  - name: Identity
    description: Authenticated business identity context.
  - name: Business Users
    description: Authenticated business-user membership self-service endpoints.
  - name: Landing Pages
    description: >-
      Authenticated business landing page endpoints. The documented payloads
      focus on HTML Mode pages.
    externalDocs:
      description: >-
        Read the Landing Pages API guide before creating or publishing HTML Mode
        pages.
      url: https://docs.scalev.com/en/landing-pages-api
  - name: Analytics Setup
    description: >-
      Authenticated business analytics provider catalogs and pixel/container
      endpoints used when configuring landing page displays.
  - name: OAuth Billing
    description: OAuth billing runtime, refund, and developer finance endpoints.
  - name: Customer Auth
    description: Public customer authentication and password-reset endpoints.
  - name: Customer Account
    description: Authenticated customer profile endpoints.
  - name: Customer Cart
    description: Authenticated customer cart management endpoints.
  - name: Customer Checkout
    description: Authenticated customer checkout preparation and confirmation endpoints.
  - name: Customer Orders
    description: Authenticated customer order read endpoints.
  - name: Customer Subscriptions
    description: Authenticated customer subscription and subscription-item endpoints.
  - name: Customer Courses
    description: Authenticated customer digital course access and progress endpoints.
  - name: Discounts
    description: Discount-code validation and authenticated management endpoints.
  - name: Locations
    description: Authenticated business location lookup endpoints.
  - name: Business Stores
    description: >-
      Authenticated business store lookup endpoints. These routes use direct
      numeric Scalev store database IDs.
  - name: Storefront Setup
    description: >-
      Authenticated business setup endpoints for public storefront keys and CORS
      origins.
  - name: Shipping
    description: Authenticated business shipping lookup endpoints.
  - name: Business Products
    description: >-
      Authenticated business product, variant, taxonomy, and course management
      endpoints.
  - name: Business Bundles
    description: >-
      Authenticated business bundle, bundle-price-option, and related
      bundle-management endpoints.
  - name: Business Customers
    description: Authenticated business customer and customer-address management endpoints.
  - name: WABA
    description: >-
      Authenticated WhatsApp Business Account operations and related WABA
      resources.
  - name: WhatsApp Integrations
    description: Authenticated WhatsApp integration management endpoints.
paths:
  /v3/oauth/.well-known/oauth-authorization-server:
    get:
      tags:
        - OAuth
      summary: Get OAuth authorization server metadata
      description: >-
        Public OAuth metadata endpoint. Advertises only `/v3` OAuth endpoints,
        dynamic client registration, Client ID Metadata Documents, PKCE, and
        supported global machine scopes.
      operationId: getOAuthAuthorizationServerMetadata
      responses:
        '200':
          $ref: '#/components/responses/OAuthAuthorizationServerMetadataResponse'
        '400':
          $ref: '#/components/responses/BadRequestResponse'
components:
  responses:
    OAuthAuthorizationServerMetadataResponse:
      description: OAuth authorization server metadata
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/OAuthAuthorizationServerMetadata'
    BadRequestResponse:
      description: Bad Request
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ApiErrorResponse'
  schemas:
    OAuthAuthorizationServerMetadata:
      type: object
      additionalProperties: true
      required:
        - issuer
        - authorization_endpoint
        - token_endpoint
        - registration_endpoint
        - response_types_supported
        - grant_types_supported
        - token_endpoint_auth_methods_supported
        - code_challenge_methods_supported
        - client_id_metadata_document_supported
        - scopes_supported
      properties:
        issuer:
          type: string
          format: uri
          example: https://api.scalev.com/v3/oauth
        authorization_endpoint:
          type: string
          format: uri
          example: https://app.scalev.com/oauth/authorize
        token_endpoint:
          type: string
          format: uri
          example: https://api.scalev.com/v3/oauth/token
        registration_endpoint:
          type: string
          format: uri
          example: https://api.scalev.com/v3/oauth/register
        introspection_endpoint:
          type: string
          format: uri
          example: https://api.scalev.com/v3/oauth/introspect
        revocation_endpoint:
          type: string
          format: uri
          example: https://api.scalev.com/v3/oauth/revoke
        response_types_supported:
          type: array
          items:
            type: string
          example:
            - code
        grant_types_supported:
          type: array
          items:
            type: string
          example:
            - authorization_code
            - refresh_token
        token_endpoint_auth_methods_supported:
          type: array
          items:
            type: string
            enum:
              - client_secret_post
              - client_secret_basic
              - none
              - private_key_jwt
        code_challenge_methods_supported:
          type: array
          items:
            type: string
          example:
            - S256
        client_id_metadata_document_supported:
          type: boolean
          example: true
        scopes_supported:
          type: array
          items:
            type: string
    ApiErrorResponse:
      type: object
      properties:
        error:
          $ref: '#/components/schemas/FlexibleValue'
        error_code:
          type: string
        message:
          type: string
          description: Error-only human-readable detail.
        errors:
          $ref: '#/components/schemas/FlexibleValue'
      additionalProperties: false
    FlexibleValue:
      oneOf:
        - $ref: '#/components/schemas/FlexibleObject'
        - type: array
          items: {}
        - type: string
        - type: number
        - type: boolean
    FlexibleObject:
      type: object
      additionalProperties: true

````