What You’ll Have Built
After completing this workflow, as a Pleo Partner:- You have access to Pleo’s Staging environment with dummy data
- Your partner application is registered with Pleo
- You have received an OAuth 2.0 Client ID and Client Secret
- You are ready to complete the OAuth 2.0 workflow and make authenticated API calls in Staging
Who This Guide Is For
This guide is intended exclusively for Pleo Partners building multi-customer integrations with Pleo using OAuth 2.0. It is not intended for Pleo customers building internal tools or single-company integrations. The guide assumes:- You do not yet have Staging access
- You are onboarding as a partner and preparing an integration for review
Before You Start
You should be familiar with:- Pleo’s role as an Expense Management Solution
- The Pleo Partner Early Access Programme (EAP)
- OAuth 2.0 Overview
Access to Staging Workflow Steps
1. Get Access to the Staging Environment (Partners Only)
Purpose: Before you can build or test a partner integration, you must have access to Pleo’s Staging environment. Staging mirrors production behaviour but uses dummy data, allowing Pleo Partners to develop and test integrations safely. Access is granted as part of the partner onboarding process and includes registering your integration intent through the Early Access Programme (EAP). Input:- Partner or company details
- Integration use case and intended API usage
- Login access to Pleo’s Staging environment
- A Staging company populated with dummy data
- Staging access is required before OAuth credentials can be issued
- Dummy data ensures no real financial or accounting data is exposed
- EAP registration allows Pleo to review and support partner integrations
How to Get Access to Staging (OAuth 2.0)
Onboard as a Pleo Partner and receive access to the Staging environment.
2. Complete OAuth 2.0 Setup
Purpose: After gaining Staging access, your partner integration must successfully complete the OAuth 2.0 authorisation flow before it can call any APIs. This ensures your integration can authenticate securely and obtain valid access tokens.The
This is not the Client Secret and cannot be used until the OAuth workflow has been completed.
Authorization: Bearer <token> header must contain a valid OAuth 2.0 access token issued by Pleo.This is not the Client Secret and cannot be used until the OAuth workflow has been completed.
- Completing the authorisation flow
- Exchanging authorisation codes for access tokens
- A valid OAuth 2.0 access token issued by Pleo
- Confirmation that your integration can authenticate successfully and call APIs within approved scopes
- OAuth 2.0 access tokens replace user credentials
- Tokens are scoped and time-limited to maintain security
OAuth 2.0 Setup Workflow Guide
Complete the OAuth 2.0 authorisation workflow.
What Comes Next?
Once Staging access is confirmed and your partner integration can successfully call Pleo APIs using OAuth 2.0, you can continue with:- Export Expenses Workflow Guide (coming soon)