Available Environments
Staging (Partners Only)
Staging is a sandbox environment that allows partners to build, test, and validate their integrations safely before using live customer data. It provides:- Test partner accounts and test users
- Test financial and expense data
- A safe environment to validate OAuth 2.0 authorisation flows end-to-end
- Full access to staging APIs without impacting production systems
- The ability to test error handling, edge cases, and export workflows
Production
Production is the live environment used for real customer data and financial operations. It is intended for integrations that:- Have been fully implemented and tested in Staging
- Have completed required partner review and approval
- Are ready to handle live customer authorisation and data
Moving from Staging to Production
Production access is not available without prior Staging usage.
All partner integrations must be validated in Staging before they can be promoted.
All partner integrations must be validated in Staging before they can be promoted.
- Complete integration testing in Staging
- Confirm that your integration meets Pleo’s technical and security requirements
- Proceed through the required review and approval steps as part of the Early Access Programme (EAP)
OAuth 2.0 Implementation and Testing Workflow
To implement and validate OAuth 2.0 authentication, partners typically follow these steps:-
Obtain an OAuth 2.0 App Client
Request an OAuth 2.0 client (App Client), which provides:
- Client ID
- Client Secret
- Implement the OAuth 2.0 authorisation flow Use the Client ID and Client Secret to:
-
Use Staging accounts to test the flow
Staging accounts provide:
- Test users
- Test financial data
- A safe environment to authorise your integration and obtain access tokens
- Validate API access using OAuth 2.0 access tokens Use the issued access token to make authenticated API calls and confirm correct integration behaviour.
The Client Secret is never used as an API credential.API requests must use an OAuth 2.0 access token in the Authorization header:The Client Secret is only used during the OAuth 2.0 flow to obtain access tokens.
What Comes Next?
Next steps depend on how your integration authenticates with Pleo:- Pleo Partners (OAuth 2.0):
Follow the OAuth 2.0 Access to Staging guide to configure and test authentication in Staging.
Related Reading
- Accounting Integration Overview: A high-level overview of Accounting Integrations between Pleo and external ERP or Accounting Systems.