Skip to main content
This workflow explains how Pleo Partners gain access to Pleo’s Staging environment and prepare their integration to authenticate using OAuth 2.0. It focuses on partner onboarding, environment access, and readiness, not the OAuth 2.0 protocol itself. By the end, you’ll understand what must be in place before your integration can authenticate and call Pleo APIs.

What You’ll Have Built

After completing this workflow, as a Pleo Partner:
  • You have access to Pleo’s Staging environment with dummy data
  • An OAuth 2.0 client is registered for your integration
  • You have received an OAuth 2.0 Client ID and Client Secret
  • You are ready to complete the OAuth 2.0 workflow and make authenticated API calls in Staging

Who This Guide Is For

This guide is intended exclusively for Pleo Partners building multi-customer integrations with Pleo using OAuth 2.0. It is not intended for Pleo customers building internal tools or single-company integrations. The guide assumes:
  • You do not yet have Staging access
  • You are onboarding as a partner and preparing an integration for review

Before You Start

You should be familiar with:

Access to Staging Workflow Steps

1. Get Access to the Staging Environment (Partners Only)

Purpose: Before you can build or test your integration, you must have access to Pleo’s Staging environment. Staging mirrors production behaviour but uses dummy data, allowing Pleo Partners to develop and test integrations safely. Access is granted as part of the partner onboarding process and includes registering your integration intent through the Early Access Programme (EAP). Input:
  • Partner or company details
  • Integration use case and intended API usage
Output:
  • Login access to Pleo’s Staging environment
  • A Staging company populated with dummy data
At this stage, your integration is authorised to request OAuth credentials but cannot yet call Pleo APIs. Integration Design / Why It Matters:
  • Staging access is required before OAuth credentials can be issued
  • Dummy data ensures no real financial or accounting data is exposed
  • EAP registration allows Pleo to review and support your integrations

How to Get Access to Staging (OAuth 2.0)

Onboard as a Pleo Partner and receive access to the Staging environment.

2. Complete OAuth 2.0 Setup

Purpose: After gaining Staging access, your integration must successfully complete the OAuth 2.0 authorisation flow before it can call any APIs. This ensures your integration can authenticate securely and obtain valid access tokens. How This Step Is Completed: You can complete OAuth 2.0 setup in one of two ways, depending on how you are building and testing your integration:
  • Option A: Full OAuth 2.0 Workflow (Production-style Integration)
  • Option B: OAuth 2.0 using Postman
Outcome of This Step: By completing the linked guide, you will have:
  • A valid OAuth 2.0 access token issued by Pleo
  • Confirmation that your integration can authenticate successfully and call APIs within approved scopes
Why This Matters:
  • OAuth 2.0 access tokens replace user credentials
  • Tokens are scoped and time-limited to maintain security

Option A: Full OAuth 2.0 Workflow (Production-style Integration)

You’ll cover:
  • Directing users to the authorisation endpoint
  • Exchanging authorisation codes for access tokens
  • Handling refresh tokens and token expiry
  • Making your first API call

OAuth 2.0 Setup Workflow Guide

Complete the OAuth 2.0 authorisation workflow.

Option B: OAuth 2.0 using Postman

You’ll cover:
  • Configuring Postman for OAuth 2.0
  • Making your first API call using Postman

OAuth 2.0 Setup with Postman

Complete the OAuth 2.0 configuration in Postman.

What Comes Next?

Once Staging access is confirmed and your integration can successfully call Pleo APIs using OAuth 2.0, you can continue with:
  • Export Expenses Workflow Guide (coming soon)