How to Register an OAuth 2.0 Client (Postman)

Registering an OAuth 2.0 client allows Pleo to identify Postman as the application, apply the correct redirect and scope configuration, and issue client credentials (Client ID and Client Secret) securely. This how-to is part of the Staging onboarding process and provides the redirect URIs needed for Postman when completing the Developer Partner Registration form. This guide covers Postman clients where Postman manages redirects and the token lifecycle. If your team prefers to manage the token lifecycle yourself, follow the How to Register an OAuth 2.0 Client article instead.

Prerequisites

You are in the process of onboarding to Pleo’s Staging environment.
Pleo has asked you to complete the Developer Partner Registration form.
This how-to provides the redirect URIs you need to submit in the registration form.

Steps

1. Determine your Registration Data

Provide one or both Postman variants to Pleo to register your app depending on your team’s workflow preference.

Postman Variant	Redirect URI
Web-based	`https://oauth.pstmn.io/v1/browser-callback`
Desktop	`https://oauth.pstmn.io/v1/callback`

Example Registration

Parameter	Value
Client Name	Example Client
Client URI	https://client.example/
Terms of Service	https://client.example/legal/tos.html
Privacy Policy	https://client.example/legal/privacy.pdf
Contacts	name.surname@example.io
Redirect URIs	https://oauth.pstmn.io/v1/browser-callback
Scopes	users:read users:write
PKCE Support	Supported
Subject Type Preference	None

Verify all URLs and API scopes before submitting. Incorrect redirect URIs or missing scopes commonly cause authorisation failures.

2. Receive Client Credentials

Do not embed the Client Secret in frontend code or distribute it. Storing secrets on client devices is not supported by Pleo.

After registration, Pleo shares your credentials securely via 1Password:

Credential	Description	Example Value
Client ID	Public identifier used to request authorisation and identify your OAuth 2.0 client.	12a3b456-78c9-0d12-34e5-f678ab9bcd0e
Client Secret	Confidential secret used to authenticate your OAuth 2.0 client. Must be stored securely on a server and never exposed to end users.	12345a6bcd789ef012abcd34ef5a6b

Result

After completing these steps:

Postman is registered as an OAuth 2.0 client in Pleo’s Staging environment
You have received a Client ID and Client Secret
Postman is not yet configured to use these credentials
API calls are not possible at this stage

What Comes Next?

Configure Postman →

this how-to is part of:

OAuth 2.0 Setup with Postman Workflow Guide

FAQs

What is the difference between an integration, application, and OAuth 2.0 client?

These terms describe different parts of how OAuth 2.0 works in the Pleo platform.The difference between an integration, application, and OAuth 2.0 client is explained in the OAuth 2.0 Concepts and Terminology section.

OAuth 2.0 Setup Workflow Guide Step-by-step instructions on how to configure OAuth 2.0 where you handle the full token lifecycle

Get Started

Authentication and Authorisation

Platform Capabilities & Concepts

Integration Design

Workflow Guides

How-to's

GLOSSARY

ARCHIVED

How to Register an OAuth 2.0 Client (Postman)

Prerequisites

Steps

1. Determine your Registration Data

Example Registration

2. Receive Client Credentials

Result

What Comes Next?

FAQs

Get Started

Authentication and Authorisation

Platform Capabilities & Concepts

Integration Design

Workflow Guides

How-to's

GLOSSARY

ARCHIVED

​Prerequisites

​Steps

​1. Determine your Registration Data

​Example Registration

​2. Receive Client Credentials

​Result

​What Comes Next?

​FAQs

​Related Reading

Prerequisites

Steps

1. Determine your Registration Data

Example Registration

2. Receive Client Credentials

Result

What Comes Next?

FAQs

Related Reading