> ## Documentation Index
> Fetch the complete documentation index at: https://developers.pleo.io/llms.txt
> Use this file to discover all available pages before exploring further.

# How to Register an OAuth 2.0 Client (Postman)

export const WhatComesNext = ({children, href}) => <div className="mt-4">
    <a href={href} className="
        inline-flex items-center justify-center
        rounded-full
        bg-black text-white dark:bg-[#1f262b]
        px-5 py-2.5 text-sm font-medium
        no-underline border-0
        hover:bg-[#ffe6ea] dark:hover:bg-[#2b1f23]
        hover:text-black
        transition-colors
      ">
      {children} →
    </a>
  </div>;

Registering an OAuth 2.0 client allows Pleo to identify **Postman as the application**, apply the correct redirect and scope configuration, and issue client credentials (**Client ID** and **Client Secret**) securely.

This how-to is part of the **Staging onboarding process** and provides the **redirect URIs** needed for Postman when completing the Developer Partner Registration form.

This guide covers Postman clients where Postman manages redirects and the token lifecycle. If your team prefers to manage the token lifecycle yourself, follow the [How to Register an OAuth 2.0 Client](/docs/current/how-tos/oauth/how-to-register-an-oauth-client) article instead.

## Prerequisites

* You are in the process of onboarding to Pleo’s [Staging environment](/docs/current/how-tos/environment-access/how-to-get-access-to-staging-oauth).
* Pleo has asked you to complete the **Developer Partner Registration** form.
* This how-to provides the **redirect URIs** you need to submit in the registration form.

## Steps

### 1. Determine your Registration Data

Provide one or both Postman variants to Pleo to register your app depending on your team’s workflow preference.

| Postman Variant | Redirect URI                                 |
| :-------------- | :------------------------------------------- |
| Web-based       | `https://oauth.pstmn.io/v1/browser-callback` |
| Desktop         | `https://oauth.pstmn.io/v1/callback`         |

#### Example Registration

| Parameter               | Value                                                                                    |
| ----------------------- | ---------------------------------------------------------------------------------------- |
| Client Name             | Example Client                                                                           |
| Client URI              | [https://client.example/](https://client.example/)                                       |
| Terms of Service        | [https://client.example/legal/tos.html](https://client.example/legal/tos.html)           |
| Privacy Policy          | [https://client.example/legal/privacy.pdf](https://client.example/legal/privacy.pdf)     |
| Contacts                | [name.surname@example.io](mailto:name.surname@example.io)                                |
| Redirect URIs           | [https://oauth.pstmn.io/v1/browser-callback](https://oauth.pstmn.io/v1/browser-callback) |
| Scopes                  | users:read users:write                                                                   |
| PKCE Support            | Supported                                                                                |
| Subject Type Preference | None                                                                                     |

<Tip>
  Verify all URLs and [API scopes](/docs/current/authentication/api-scopes) before submitting. Incorrect redirect URIs or missing scopes commonly cause authorisation failures.
</Tip>

***

### 2. Receive Client Credentials

<Warning>
  Do **not** embed the Client Secret in frontend code or distribute it. Storing secrets on client devices is not supported by Pleo.
</Warning>

After registration, Pleo shares your credentials securely via 1Password:

| Credential    | Description                                                                                                                         | Example Value                        |
| ------------- | ----------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------ |
| Client ID     | Public identifier used to request authorisation and identify your OAuth 2.0 client.                                                 | 12a3b456-78c9-0d12-34e5-f678ab9bcd0e |
| Client Secret | Confidential secret used to authenticate your OAuth 2.0 client. Must be stored securely on a server and never exposed to end users. | 12345a6bcd789ef012abcd34ef5a6b       |

## Result

After completing these steps:

* Postman is registered as an OAuth 2.0 client in Pleo’s Staging environment
* You have received a **Client ID** and **Client Secret**
* Postman is not yet configured to use these credentials
* API calls are **not possible** at this stage

## What Comes Next?

<WhatComesNext href="/docs/current/how-tos/oauth-postman/how-to-configure-postman-for-oauth">
  Configure Postman
</WhatComesNext>

***

<div className="text-xs uppercase" style={{ fontVariant: 'small-caps' }}>
  this how-to is part of:
</div>

<div className="mt-4 flex flex-wrap gap-2">
  <a
    href="/docs/current/guides/oauth-workflow-guide-postman"
    className="inline-flex items-center rounded-full border border-gray-300 dark:border-gray-600 
px-3 py-1 text-xs font-medium 
bg-white dark:bg-[#1f262b] text-black dark:text-white
hover:bg-gray-100 dark:hover:bg-[#2b2f33]
transition-colors"
  >
    OAuth 2.0 Setup with Postman Workflow Guide
  </a>
</div>

***

## FAQs

<Accordion title="What is the difference between an integration, application, and OAuth 2.0 client?">
  These terms describe different parts of how OAuth 2.0 works in the Pleo platform.

  The difference between an **integration**, **application**, and **OAuth 2.0 client** is explained in the [OAuth 2.0 Concepts and Terminology](/docs/current/authentication/oauth/oauth-overview#concepts-and-terminology) section.
</Accordion>

***

## Related Reading

* [OAuth 2.0 Setup Workflow Guide](/docs/current/guides/oauth-workflow-guide)

  Step-by-step instructions on how to configure OAuth 2.0 where you handle the full token lifecycle

***
