Skip to main content
GET
/
auth
/
grant
/
peek
Read public-safe metadata about a pending grant
curl --request GET \
  --url https://app.dynamicauth.com/api/v0/auth/grant/peek \
  --header 'Authorization: Bearer <token>'
{
  "client_metadata": {
    "name": "<string>",
    "version": "<string>",
    "hostname": "<string>",
    "os": "<string>"
  },
  "requester_location": "<string>",
  "approver_location": "<string>",
  "country_mismatch": true
}

Authorizations

Authorization
string
header
required

Bearer authentication header of the form Bearer <token>, where <token> is your auth token.

Query Parameters

user_code
string
required

The user_code from the URL ?code= query param.

Response

Grant metadata.

Response from GET /auth/grant/peek?user_code=.... Used by the dashboard authorize page to render Authorize {clientName}? before the user clicks Approve. Does NOT return the grant_code — only the public-safe metadata.

client_type
enum<string>
required

Type of first-party client being authorized. cli for the dyn CLI, mcp for an MCP server, demo for demo applications oauth-ing into redcoast, ide-plugin for editor extensions, and other as a catch-all.

Available options:
cli,
mcp,
demo,
ide-plugin,
other
client_metadata
object

Optional metadata sent at grant request time so the authorizing user can recognize the client in the management UI. Every field is optional — a CLI may know its hostname, an embedded MCP server may not.

requester_location
string

CF-geolocated city, region, country of the /auth/grant/code requester. Omitted off-edge (preview / local).

Maximum string length: 256
approver_location
string

CF-geolocated city, region, country of the dashboard user viewing the consent screen. Omitted off-edge.

Maximum string length: 256
country_mismatch
boolean

true when both cf-ipcountry values are known and differ. Omitted (not false) when either country is unknown — callers must treat omitted as "do not warn".