# OAuth 2.0 Access to Staging Workflow Guide

export const RememberCallout = ({title, children, icon = "🪢"}) => <div style={{
  backgroundColor: 'var(--recommended-bg)',
  borderLeft: '4px solid #f63b92',
  borderRadius: '10px',
  padding: '18px 22px',
  marginBottom: '20px',
  boxShadow: '1px 1px 3px rgba(0,0,0,0.06)'
}}>
    <div style={{
  display: 'flex',
  alignItems: 'flex-start',
  gap: '14px'
}}>
      <span style={{
  fontSize: '22px',
  lineHeight: '1',
  flexShrink: 0
}}>
        {icon}
      </span>
      <div>
        {title && <div style={{
  fontSize: '16px',
  fontWeight: 600,
  color: 'var(--recommended-title)',
  marginBottom: '6px'
}}>
            {title}
          </div>}
        <div style={{
  fontSize: '14px',
  lineHeight: 1.65
}}>
          {children}
        </div>
      </div>
    </div>
  </div>;

export const RecommendedCallout = ({title, children, icon = "⭐"}) => <div style={{
  backgroundColor: 'var(--recommended-bg)',
  borderLeft: '4px solid #f8f1ac',
  borderRadius: '10px',
  padding: '18px 22px',
  marginBottom: '20px',
  boxShadow: '1px 1px 3px rgba(0,0,0,0.06)'
}}>
    <div style={{
  display: 'flex',
  alignItems: 'flex-start',
  gap: '14px'
}}>
      <span style={{
  fontSize: '22px',
  lineHeight: '1',
  flexShrink: 0
}}>
        {icon}
      </span>
      <div>
        {title && <div style={{
  fontSize: '16px',
  fontWeight: 600,
  color: 'var(--recommended-title)',
  marginBottom: '6px'
}}>
            {title}
          </div>}
        <div style={{
  fontSize: '14px',
  lineHeight: 1.65
}}>
          {children}
        </div>
      </div>
    </div>
  </div>;

<RecommendedCallout title="Recommended Workflow">
  This guide applies **only to Pleo Partners**. All partner integrations must use **OAuth 2.0** as their authentication method.
</RecommendedCallout>

This workflow explains how **Pleo Partners** gain access to **Pleo’s Staging environment** and prepare their integration to authenticate using **OAuth 2.0**.

It focuses on **partner onboarding, environment access, and readiness**, not the OAuth 2.0 protocol itself. By the end, you’ll understand **what must be in place before your integration can authenticate and call Pleo APIs**.

## What You’ll Have Built

After completing this workflow, as a Pleo Partner:

* You have access to Pleo’s **Staging environment** with dummy data
* An OAuth 2.0 client is registered for your integration
* You have received an **OAuth 2.0 Client ID and Client Secret**
* You are ready to complete the OAuth 2.0 workflow and make authenticated API calls in Staging

## Who This Guide Is For

This guide is intended **exclusively for Pleo Partners** building **multi-customer integrations** with Pleo using **OAuth 2.0**.

It is not intended for Pleo customers building internal tools or single-company integrations.

The guide assumes:

* You do not yet have Staging access
* You are onboarding as a partner and preparing an integration for review

## Before You Start

You should be familiar with:

* Pleo’s role as an [Expense Management Solution](/docs/current/getting-started/platform-overview)
* The Pleo Partner [Early Access Programme (EAP)](/docs/current/getting-started/developer-partnership-programme)
* [OAuth 2.0 Overview](/docs/current/authentication/oauth/oauth-overview)

## Access to Staging Workflow Steps

### 1. Get Access to the Staging Environment (Partners Only)

**Purpose:**

Before you can build or test your integration, you must have access to **Pleo’s Staging environment**.

Staging mirrors production behaviour but uses dummy data, allowing **Pleo Partners** to develop and test integrations safely.

Access is granted as part of the **partner onboarding process** and includes registering your integration intent through the **Early Access Programme (EAP)**.

**Input:**

* Partner or company details
* Integration use case and intended API usage

**Output:**

* Login access to Pleo’s Staging environment
* A Staging company populated with dummy data

At this stage, your integration is authorised to request OAuth credentials but cannot yet call Pleo APIs.

**Integration Design / Why It Matters:**

* Staging access is required before OAuth credentials can be issued
* Dummy data ensures no real financial or accounting data is exposed
* EAP registration allows Pleo to review and support your integrations

<section className="mt-4">
  <a
    href="/docs/current/how-tos/environment-access/how-to-get-access-to-staging-oauth"
    className="group flex items-center justify-between rounded-md border border-gray-200 dark:border-gray-700 px-4 py-3
bg-gray-50 dark:bg-[#1f262b] hover:bg-[#ffe6ea] dark:hover:bg-[#2b1f23]
transition-colors"
  >
    <div>
      <p className="text-sm font-medium text-gray-900 dark:text-white">
        How to Get Access to Staging (OAuth 2.0)
      </p>

      <p className="text-xs text-gray-600 dark:text-gray-400">
        Onboard as a Pleo Partner and receive access to the Staging environment.
      </p>
    </div>

    <span className="ml-4 text-gray-400 group-hover:text-gray-600 dark:group-hover:text-gray-300">
      →
    </span>
  </a>
</section>

***

### 2. Complete OAuth 2.0 Setup

**Purpose:**

After gaining Staging access, your integration must **successfully complete the OAuth 2.0 authorisation flow** before it can call any APIs.

This ensures your integration can **authenticate securely** and obtain valid access tokens.

<RememberCallout title="Remember">
  The `Authorization: Bearer <token>` header must contain a valid OAuth 2.0 **access token** issued by Pleo. This is **not** the Client Secret and cannot be used until the OAuth 2.0 workflow has been completed.
</RememberCallout>

**How This Step Is Completed:**

You can complete OAuth 2.0 setup in one of two ways, depending on how you are building and testing your integration:

* [**Option A:**](/docs/current/guides/environment-access/staging-oauth-workflow#option-a-full-oauth-2-0-workflow-production-style-integration) Full OAuth 2.0 Workflow (Production-style Integration)
* [**Option B:**](/docs/current/guides/environment-access/staging-oauth-workflow#option-b-oauth-2-0-using-postman) OAuth 2.0 using Postman

**Outcome of This Step:**

By completing the linked guide, you will have:

* A valid OAuth 2.0 **access token** issued by Pleo
* Confirmation that your integration can authenticate successfully and call APIs within approved scopes

**Why This Matters:**

* OAuth 2.0 access tokens replace user credentials
* Tokens are scoped and time-limited to maintain security
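The Remember callout and the points above can be enforced in client code before any request leaves your integration. The following is an added example, not code from Pleo: `AccessToken`, `bearer_header`, `check` and `TokenNotUsable` are hypothetical names, and the secret, token and scope strings are constructed placeholders rather than real Pleo values.

```python
import hmac
import time
from dataclasses import dataclass


class TokenNotUsable(Exception):
    """Raised instead of sending a request that the API would reject."""


@dataclass(frozen=True)
class AccessToken:
    value: str          # access token taken from the token response
    expires_at: float   # Unix time: issue time + expires_in
    scopes: frozenset   # scopes granted in the token response


def bearer_header(token, client_secret, required_scope, now=None, skew=30):
    """Return the Authorization header, or raise if the token must not be sent."""
    now = time.time() if now is None else now
    if token is None:
        raise TokenNotUsable("no access token: complete the OAuth 2.0 workflow first")
    # Constant-time compare so the guard itself does not leak the secret.
    if hmac.compare_digest(token.value.encode(), client_secret.encode()):
        raise TokenNotUsable("Client Secret supplied where an access token is required")
    if now >= token.expires_at - skew:  # skew: treat a nearly expired token as expired
        raise TokenNotUsable("access token expired: refresh before calling the API")
    if required_scope not in token.scopes:
        raise TokenNotUsable(f"scope {required_scope!r} was not granted")
    return {"Authorization": f"Bearer {token.value}"}


def check(token, required_scope, now):
    """Demo helper: return the header, or the reason the call was refused."""
    try:
        return bearer_header(token, SECRET, required_scope, now=now)
    except TokenNotUsable as exc:
        return str(exc)


# Constructed sample values, not real Pleo credentials or scope names.
SECRET = "constructed-client-secret"
GOOD = AccessToken("constructed-access-token", 1_000_000 + 3600, frozenset({"example:read"}))
MISUSED = AccessToken(SECRET, 1_000_000 + 3600, frozenset({"example:read"}))

if __name__ == "__main__":
    for tok, scope, at in [(GOOD, "example:read", 1_000_000), (MISUSED, "example:read", 1_000_000),
                           (GOOD, "example:read", 1_000_000 + 3590), (GOOD, "example:write", 1_000_000)]:
        print(check(tok, scope, at))
```
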

#### Option A: Full OAuth 2.0 Workflow (Production-style Integration)

You'll cover:

* Directing users to the authorisation endpoint
* Exchanging authorisation codes for access tokens
* Handling refresh tokens and token expiry
* Making your first API call

<section className="mt-4">
  <a
    href="/docs/current/guides/oauth-workflow-guide#2-direct-users-to-authorisation-endpoint"
    className="group flex items-center justify-between rounded-md border border-gray-200 dark:border-gray-700 px-4 py-3
bg-gray-50 dark:bg-[#1f262b] hover:bg-[#ffe6ea] dark:hover:bg-[#2b1f23]
transition-colors"
  >
    <div>
      <p className="text-sm font-medium text-gray-900 dark:text-white">
        OAuth 2.0 Setup Workflow Guide
      </p>

      <p className="text-xs text-gray-600 dark:text-gray-400">
        Complete the OAuth 2.0 authorisation workflow.
      </p>
    </div>

    <span className="ml-4 text-gray-400 group-hover:text-gray-600 dark:group-hover:text-gray-300">
      →
    </span>
  </a>
</section>

#### Option B: OAuth 2.0 using Postman

You'll cover:

* Configuring Postman for OAuth 2.0
* Making your first API call using Postman

<section className="mt-4">
  <a
    href="/docs/current/guides/oauth-workflow-guide-postman#2-configure-postman-for-oauth-2-0"
    className="group flex items-center justify-between rounded-md border border-gray-200 dark:border-gray-700 px-4 py-3
bg-gray-50 dark:bg-[#1f262b] hover:bg-[#ffe6ea] dark:hover:bg-[#2b1f23]
transition-colors"
  >
    <div>
      <p className="text-sm font-medium text-gray-900 dark:text-white">
        OAuth 2.0 Setup with Postman
      </p>

      <p className="text-xs text-gray-600 dark:text-gray-400">
        Complete the OAuth 2.0 configuration in Postman.
      </p>
    </div>

    <span className="ml-4 text-gray-400 group-hover:text-gray-600 dark:group-hover:text-gray-300">
      →
    </span>
  </a>
</section>

***

## What Comes Next?

Once Staging access is confirmed and your integration can successfully call Pleo APIs using OAuth 2.0, you can continue with:

* **Export Expenses Workflow Guide** (coming soon)
