Skip to main content
Pleo provides two environments, Staging and Production, for Pleo Partners building integrations. All partner integrations are expected to follow a staging-first workflow to ensure stability and protect live financial and accounting data.

Available Environments

Staging (Partners Only)

Staging is a sandbox environment that allows partners to build, test, and validate their integrations safely before using live customer data. It provides:
  • Test partner accounts and test users
  • Test financial and expense data
  • A safe environment to validate OAuth 2.0 authorisation flows end-to-end
  • Full access to staging APIs without impacting production systems
  • The ability to test error handling, edge cases, and export workflows
Staging enables partners to complete integration development and confirm correct behaviour before requesting Production access. Staging access is provided as part of the Early Access Programme (EAP).

Production

Production is the live environment used for real customer data and financial operations. It is intended for integrations that:
  • Have been fully implemented and tested in Staging
  • Have completed required partner review and approval
  • Are ready to handle live customer authorisation and data
Production access is granted only after successful validation through the Early Access Programme.

Moving from Staging to Production

Production access is not available without prior Staging usage.
All partner integrations must be validated in Staging before they can be promoted.
To request Production access:
  • Complete integration testing in Staging
  • Confirm that your integration meets Pleo’s technical and security requirements
  • Proceed through the required review and approval steps as part of the Early Access Programme (EAP)
Once approved, Production credentials and environment details will be provided.

OAuth 2.0 Implementation and Testing Workflow

To implement and validate OAuth 2.0 authentication, partners typically follow these steps:
  1. Obtain an OAuth 2.0 App Client Request an OAuth 2.0 client (App Client), which provides:
    • Client ID
    • Client Secret
    This allows your integration to initiate the OAuth 2.0 authorisation flow.
  2. Implement the OAuth 2.0 authorisation flow Use the Client ID and Client Secret to:
  3. Use Staging accounts to test the flow Staging accounts provide:
    • Test users
    • Test financial data
    • A safe environment to authorise your integration and obtain access tokens
  4. Validate API access using OAuth 2.0 access tokens Use the issued access token to make authenticated API calls and confirm correct integration behaviour.
The Client Secret is never used as an API credential.API requests must use an OAuth 2.0 access token in the Authorization header:
Authorization: Bearer <access_token> # OAuth 2.0 access token
The Client Secret is only used during the OAuth 2.0 flow to obtain access tokens.

What Comes Next?

Next steps depend on how your integration authenticates with Pleo: