OAuth2 flow for end user

HI Support team,

I'm integrating Taboola into our application, so I need to send my end user to login to the Taboola account and then get the Authorization code, which then I can use to get access_token. But I have some questions here:

Is this login url correct?

https://authentication.taboola.com/authentication/login?grant_type=authorization_code&response_type=code&redirect_uri=[redirect_uri]&client_id=[client_id]

Does my [redirect_uri] need to be whitelisted by your team? If needed, and later I want to alternate it, do I need to email support again?
What response will I get from question 1? If this is authorization_code, how can I use it to get access_token? Your docs only guide by using client_id and client_secret (https://developers.taboola.com/backstage-api/reference/client-credentials-flow).

Hope to hear from your team soon.
Thanks.