Skip to main content
This workflow explains how Pleo Partners gain access to Pleo’s Staging environment and prepare their integration to authenticate using OAuth 2.0. It focuses on partner onboarding, environment access, and readiness, not the OAuth 2.0 protocol itself. By the end, you’ll understand what must be in place before a partner integration can authenticate and call Pleo APIs.

What You’ll Have Built

After completing this workflow, as a Pleo Partner:
  • You have access to Pleo’s Staging environment with dummy data
  • Your partner application is registered with Pleo
  • You have received an OAuth 2.0 Client ID and Client Secret
  • You are ready to complete the OAuth 2.0 workflow and make authenticated API calls in Staging

Who This Guide Is For

This guide is intended exclusively for Pleo Partners building multi-customer integrations with Pleo using OAuth 2.0. It is not intended for Pleo customers building internal tools or single-company integrations. The guide assumes:
  • You do not yet have Staging access
  • You are onboarding as a partner and preparing an integration for review

Before You Start

You should be familiar with:

Access to Staging Workflow Steps

1. Get Access to the Staging Environment (Partners Only)

Purpose: Before you can build or test a partner integration, you must have access to Pleo’s Staging environment. Staging mirrors production behaviour but uses dummy data, allowing Pleo Partners to develop and test integrations safely. Access is granted as part of the partner onboarding process and includes registering your integration intent through the Early Access Programme (EAP). Input:
  • Partner or company details
  • Integration use case and intended API usage
Output:
  • Login access to Pleo’s Staging environment
  • A Staging company populated with dummy data
Integration Design / Why It Matters:
  • Staging access is required before OAuth credentials can be issued
  • Dummy data ensures no real financial or accounting data is exposed
  • EAP registration allows Pleo to review and support partner integrations

How to Get Access to Staging (OAuth 2.0)

Onboard as a Pleo Partner and receive access to the Staging environment.

2. Complete OAuth 2.0 Setup

Purpose: After gaining Staging access, your partner integration must successfully complete the OAuth 2.0 authorisation flow before it can call any APIs. This ensures your integration can authenticate securely and obtain valid access tokens.
The Authorization: Bearer <token> header must contain a valid OAuth 2.0 access token issued by Pleo.
This is not the Client Secret and cannot be used until the OAuth workflow has been completed.
How This Step Is Completed: Follow the OAuth 2.0 Setup Workflow Guide, which covers:
  • Completing the authorisation flow
  • Exchanging authorisation codes for access tokens
Outcome of This Step: By completing the linked guide, you will have:
  • A valid OAuth 2.0 access token issued by Pleo
  • Confirmation that your integration can authenticate successfully and call APIs within approved scopes
Why This Matters:
  • OAuth 2.0 access tokens replace user credentials
  • Tokens are scoped and time-limited to maintain security

OAuth 2.0 Setup Workflow Guide

Complete the OAuth 2.0 authorisation workflow.

What Comes Next?

Once Staging access is confirmed and your partner integration can successfully call Pleo APIs using OAuth 2.0, you can continue with:
  • Export Expenses Workflow Guide (coming soon)