# 4.6 Authorization

## 4.6.1 Authorize Employee

The **`authorizeEmployee`** function, typically used by the server-side of the app, authorizes the registration of a new employee by authorizing the employee's newly created `employeePublicKey`. The server-side of the app can optionally inspect the signatures present in employeePublicKey for valid creation of the new employee before calling authorizeEmployee on it. This is useful for applications that allow creation of new users in the app on the client side (using an app secret with roles `ACCESS` and `CREATION`) so that the app-server itself never gets access to the private key of the user even temporarily as a new user’s key-pair is created (and encrypted) on the client-side. By ensuring the app-secret with role `AUTHORIZATION` is still used only on the server-side of the app, we can prevent a rogue app with stolen app secret from creating unauthorized or fake users.

The function takes the following parameters :

* **employeePublicKey :** EmployeePublicKey to be authorized.
* **companyName :** Company name of the employee.
* **companyEmployeeId :** Company employee id of the employee.

{% tabs %}
{% tab title="C++" %}

```cpp
#include "BayunCore.h"

std::string employeePublicKey = "<employeePublicKey>"
std::string companyName = "<companyName>"
std::string companyEmployeeId = "<companyEmployeeId>"
Bayun::BayunAuthResponseCode responseCode = 
bayunCore->authorizeEmployee(employeePublicKey, companyName, companyEmployeeId);
if (responseCode == Bayun::BayunAuthResponseCode::Success) {
      //EmployeePublicKey is authorized successfully
}
```

{% endtab %}
{% endtabs %}

{% hint style="info" %}
`BayunCore` class should be inited on app server using App Secret having role `Authorization` to be able to authorize an employee.
{% endhint %}

## 4.6.2 Get Unauthorized Employee Public Key

The **`unauthorizedEmployeePublicKey`** function can be used on the server-side of the app to get the employeePublicKey for its authorization by the **`authorizeEmployee`** function.

The function takes the following parameters :

* **companyName :** Company name of the employee.
* **companyEmployeeId :** Company employee id of the employee.

{% tabs %}
{% tab title="C++" %}

```cpp
#include "BayunCore.h"

std::string companyName = "<companyName>"
std::string companyEmployeeId = "<companyEmployeeId>"
std::string employeePublicKey = 
bayunCore->unauthorizedEmployeePublicKey(companyName, companyEmployeeId);
if (!employeePublicKey.empty()) {
      //EmployeePublicKey to be authorized.
}
```

{% endtab %}
{% endtabs %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://bayun.gitbook.io/bayuncoresdk-cpp/3-authentication/4.6-authorization.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.