Prerequisites
Before you begin:
- You are in the process of onboarding to Pleo’s Staging environment.
- Pleo has asked you to complete the Developer Partner Registration form.
- This how-to provides the information you need to submit in the registration form.
Steps
1. Provide Registration Data
You provide information to Pleo in the following categories.
Human-Readable Information
This information is shown to end users during authorisation:

| Parameter | Description |
|---|---|
| Client Name | Your application’s brand name. |
| Client URI | Link to your app homepage or integration announcement page. |
| Logo | Square image (1:1 ratio) representing your application. |
| Terms of Service | Link to the legal agreement governing use of your app. |
| Privacy Policy | Link explaining how user data is collected and processed. |
| Contacts | Email addresses for people responsible for the application. |
Pleo-Specific Information
This information allows Pleo to integrate your application into the product:

| Parameter | Description |
|---|---|
| Initiation URI | Where users start connecting your app to Pleo. |
| Settings URI | Where users manage your app’s settings from within Pleo. |
Technical Information
Required details to establish a secure OAuth 2.0 flow for your registered OAuth 2.0 client:

| Parameter | Description |
|---|---|
| Redirect URIs | URL(s) where Pleo sends users after authentication. Must be HTTPS in production. |
| Scopes | API permissions your OAuth 2.0 client needs to access on behalf of the integration. |
| PKCE Support | Required for public clients to prevent authorisation-code attacks. Contact your Pleo Partner Manager for exceptions. |
| Subject Type Preference | (Optional) Default resource type your OAuth 2.0 client operates on when calling Pleo APIs. |
Each Pleo API defines its own set of scopes. Your registered OAuth 2.0 client can only access APIs and perform actions that correspond to the scopes you request during registration.
Example Registration
| Parameter | Value |
|---|---|
| Client Name | Example Client |
| Client URI | https://client.example/ |
| Terms of Service | https://client.example/legal/tos.html |
| Privacy Policy | https://client.example/legal/privacy.pdf |
| Contacts | name.surname@example.io |
| Redirect URIs | https://client.example/callback |
| Scopes | users:read users:write |
| PKCE Support | Supported |
| Subject Type Preference | None |
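
A pre-submission check for the registration data, added here as an example and not Pleo's own tooling: it applies the rules stated in the tables above (HTTPS redirect URIs in production, PKCE for public clients) plus the RFC 6749 rule that a redirect URI carries no fragment. The dictionary keys and the `public_client` flag are hypothetical names, not fields of Pleo's form.

```python
from urllib.parse import urlsplit

URL_FIELDS = ("client_uri", "tos_uri", "policy_uri")

def check_redirect_uri(uri, production=True):
    parts, problems = urlsplit(uri), []
    if not parts.scheme or not parts.hostname:
        problems.append(f"redirect_uris: {uri!r} is not an absolute URI")
    elif production and parts.scheme != "https":
        problems.append(f"redirect_uris: {uri!r} must be HTTPS in production")
    if parts.fragment:  # RFC 6749 section 3.1.2, not a Pleo-specific rule
        problems.append(f"redirect_uris: {uri!r} must not contain a fragment")
    return problems

def validate_registration(reg, production=True):
    """Return a list of problems; an empty list means ready to submit."""
    problems = []
    if not reg.get("client_name", "").strip():
        problems.append("client_name: missing")
    for field in URL_FIELDS:
        parts = urlsplit(reg.get(field, ""))
        if parts.scheme not in ("http", "https") or not parts.hostname:
            problems.append(f"{field}: not an absolute http(s) URL")
    for contact in reg.get("contacts") or [""]:
        local, _, domain = contact.partition("@")
        if not local or "." not in domain:
            problems.append(f"contacts: {contact!r} is not an email address")
    for uri in reg.get("redirect_uris") or [""]:
        problems += check_redirect_uri(uri, production)
    scopes = reg.get("scopes", "").split()
    if not scopes or len(scopes) != len(set(scopes)):
        problems.append("scopes: empty or contains duplicates")
    if reg.get("public_client") and not reg.get("pkce"):
        problems.append("pkce: required for public clients")
    return problems

# The page's Example Registration; the keys are hypothetical field names.
EXAMPLE = {
    "client_name": "Example Client",
    "client_uri": "https://client.example/",
    "tos_uri": "https://client.example/legal/tos.html",
    "policy_uri": "https://client.example/legal/privacy.pdf",
    "contacts": ["name.surname@example.io"],
    "redirect_uris": ["https://client.example/callback"],
    "scopes": "users:read users:write",
    "pkce": True, "public_client": True,  # public_client is an assumed flag
}

if __name__ == "__main__":
    print(validate_registration(EXAMPLE) or "no problems found")
```
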
2. Receive Client Credentials
After registration, Pleo shares your credentials securely via 1Password:

| Credential | Description | Example Value |
|---|---|---|
| Client ID | Public identifier used to request authorisation and identify your app. | 12a3b456-78c9-0d12-34e5-f678ab9bcd0e |
| Client Secret | Confidential secret used to authenticate your app. Must be stored securely on a server and never exposed to end users. | 12345a6bcd789ef012abcd34ef5a6b |
Result
After completing these steps:
- Your OAuth 2.0 client is registered in Pleo’s Staging environment.
- You have received a Client ID and Client Secret.
- No users are authorised.
- No access tokens exist.
- API calls are not possible at this stage.
What Comes Next?
This how-to is part of:
FAQs
What is the difference between an integration, application, and OAuth 2.0 client?
These terms describe different parts of how OAuth 2.0 works in the Pleo platform. The difference between an integration, application, and OAuth 2.0 client is explained in the OAuth 2.0 Concepts and Terminology section.
Related Reading
- OAuth 2.0 Client Registration – Step-by-step details of required fields, credentials, and redirect URIs.
- OAuth 2.0 Client Configuration – How to configure your client with correct endpoints, PKCE, and authentication methods.
- PKCE and Secured Patterns – Security requirements for public clients.