Registering an OAuth 2.0 client allows Pleo to identify your application, apply the correct redirect and scope configuration, and issue client credentials (Client ID and Client Secret) securely.
This how-to is part of the Staging onboarding process and provides the redirect URIs needed for Postman when completing the Developer Partner Registration form.
This guide covers Postman clients where Postman manages redirects and the token lifecycle. If your team prefers to manage the token lifecycle yourself, follow the How to Register an OAuth 2.0 Client article instead.
Prerequisites
- You are in the process of onboarding to Pleo’s Staging environment.
- Pleo has asked you to complete the Developer Partner Registration form.
- This how-to provides the redirect URIs you need to submit in the registration form.
Steps
1. Determine your Registration Data
Provide one or both Postman variants to Pleo to register your app depending on your team’s workflow preference.
| Postman Variant | Redirect URI |
|---|
| Web-based | https://oauth.pstmn.io/v1/browser-callback |
| Desktop | https://oauth.pstmn.io/v1/callback |
Example Registration
| Parameter | Value |
|---|
| Client Name | Example Client |
| Client URI | https://client.example/ |
| Terms of Service | https://client.example/legal/tos.html |
| Privacy Policy | https://client.example/legal/privacy.pdf |
| Contacts | name.surname@example.io |
| Redirect URIs | https://oauth.pstmn.io/v1/browser-callback |
| Scopes | users:read users:write |
| PKCE Support | Supported |
| Subject Type Preference | None |
Verify all URLs and API scopes before submitting. Incorrect redirect URIs or missing scopes commonly cause authorisation failures.
2. Receive Client Credentials
Do not embed the Client Secret in frontend code or distribute it. Storing secrets on client devices is not supported by Pleo.
| Credential | Description | Example Value |
|---|
| Client ID | Public identifier used to request authorisation and identify your app. | 12a3b456-78c9-0d12-34e5-f678ab9bcd0e |
| Client Secret | Confidential secret used to authenticate your app. Must be stored securely on a server and never exposed to end users. | 12345a6bcd789ef012abcd34ef5a6b |
Result
After completing these steps:
- Your application is registered as an OAuth 2.0 client in Pleo’s Staging environment.
- You have received a Client ID and Client Secret.
- Postman is not yet configured
- API calls are not possible at this stage.
What Comes Next?
this how-to is part of:
