# Overview

### Beam API Uses OAuth

All requests to the Beam service are governed by OAuth 2.0 ([quick primer](https://www.digitalocean.com/community/tutorials/an-introduction-to-oauth-2)) and follow the standard authorization-access token flow.

The Beam implementation closely follows [RFC 6749](https://tools.ietf.org/html/rfc6749).

### OAuth Flow Overview

When a user attempts to authorize their Beam account from your application, the following happens:

1. Your app generates the Authorization URL and displays the Beam login form to the user (see Step 1).
2. Beam attempts to authenticate the supplied credentials, and if successful, the user is asked to authorize access to their Beam account.
3. When the user authorizes access, an `authorization_code` is sent back to your app via a `GET` request (see Step 2).
4. Next, your app uses the `authorization_code` to request an `access_token` and `refresh_token` (see Step 3).
5. Once you have an `access_token`, you can call the Beam API on the user's behalf (see Step 4).
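
The client side of Steps 1 to 3, sketched as an added example (not Beam's own code) that follows the RFC 6749 authorization code grant and ties the callback to the user's session with a `state` value. The endpoint URL, client ID, redirect URI and the `code`/`state` query parameter names are assumptions taken from the RFC, not from Beam's documentation.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

# Assumed placeholders: this page does not give Beam's endpoints or client values.
AUTHORIZE_URL = "https://beam.example/oauth/authorize"
CLIENT_ID = "my-client-id"
REDIRECT_URI = "https://app.example/callback"


def build_authorization_url(session):
    """Step 1: build the Authorization URL and bind a random `state` to the session."""
    state = secrets.token_urlsafe(32)
    session["oauth_state"] = state
    params = {
        "response_type": "code",  # RFC 6749 section 4.1.1
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "state": state,
    }
    return AUTHORIZE_URL + "?" + urlencode(params)


def handle_callback(session, callback_url):
    """Step 2: validate the GET callback and return the authorization code."""
    query = parse_qs(urlparse(callback_url).query)
    expected = session.pop("oauth_state", None)  # single use: a replayed callback fails
    returned = query.get("state", [""])[0]
    if not expected or not hmac.compare_digest(expected.encode(), returned.encode()):
        raise ValueError("state mismatch: callback is not tied to this session")
    if "error" in query:  # RFC 6749 section 4.1.2.1
        raise ValueError("authorization failed: " + query["error"][0])
    codes = query.get("code", [])
    if len(codes) != 1:
        raise ValueError("expected exactly one code parameter")
    return codes[0]


def token_request_body(code):
    """Step 3: form fields for the token request (RFC 6749 section 4.1.3)."""
    return {
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": REDIRECT_URI,  # must match the value sent in Step 1
        "client_id": CLIENT_ID,
    }
```

The token request itself is a server-to-server `POST` of these fields, so the client secret and the returned `access_token` and `refresh_token` never pass through the browser.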
