Integrations with Pleo should use OAuth 2.0 for authorisation wherever possible. Alternative methods may be supported, such as Integrated API Keys.

OAuth 2.0 Workflow

OAuth 2.0 uses a redirect-based authorisation flow (the authorisation code grant) that lets users grant your integration access to their Pleo data without sharing their Pleo credentials with you. At a high level, the flow works as follows:
  1. Resource Owner + Client
    A customer clicks the “Connect with Pleo” button in your application.
  2. Authorisation Server
    The request is redirected to Pleo’s Authorisation Server, where the user grants permission for your integration to access their Pleo data.
  3. Client
    Once the user authorises, Pleo redirects them back to your registered redirect URI with a short-lived, single-use authorisation code. Your integration exchanges this code for an access token by calling the Authorisation Server directly from your back end, so the token is never exposed in the user’s browser.
  4. Resource Server + Client
    After the exchange, your integration can call Pleo APIs by including the access token in each API request. Your integration can then display the data to users or process it for downstream workflows, such as exports, synchronisation, or reporting.
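The four steps above as an integration would implement them, written here as an added example; it is not Pleo's code and is not taken from Pleo's documentation. The endpoint URLs, client ID, client secret, scope name and redirect URI are placeholders, and the real values come from your client registration. A `state` parameter and PKCE (RFC 7636) are included because the authorisation code grant should not be run without them; whether Pleo requires PKCE or issues a client secret is not stated on this page. The Bearer scheme on the final API call is the RFC 6750 convention and is likewise assumed.

```python
import base64
import hashlib
import json
import secrets
import urllib.parse
import urllib.request

# Placeholder configuration (assumptions for this example; take the real values
# from your Pleo client registration, not from here).
AUTHORIZE_URL = "https://auth.example.com/oauth/authorize"
TOKEN_URL = "https://auth.example.com/oauth/token"
CLIENT_ID = "example-integration"
CLIENT_SECRET = "load-from-a-secret-store"   # server-side only; omit if none was issued
REDIRECT_URI = "https://integration.example.com/oauth/callback"
SCOPES = ["expenses:read"]                   # placeholder scope name


def b64url(raw: bytes) -> str:
    """Base64url without padding, as RFC 7636 requires for PKCE values."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def pkce_challenge(verifier: str) -> str:
    """S256 challenge for a verifier: base64url(sha256(verifier))."""
    return b64url(hashlib.sha256(verifier.encode("ascii")).digest())


def make_pkce_pair() -> tuple:
    """Return (code_verifier, code_challenge); 32 random bytes give a 43-char verifier."""
    verifier = b64url(secrets.token_bytes(32))
    return verifier, pkce_challenge(verifier)


def query_params(url: str) -> dict:
    """First value of each query parameter in a URL."""
    parsed = urllib.parse.urlparse(url)
    return {k: v[0] for k, v in urllib.parse.parse_qs(parsed.query).items()}


def build_authorization_url(session: dict) -> str:
    """Steps 1-2: the URL behind "Connect with Pleo".

    `state` binds the later redirect to this user's session (CSRF protection) and the
    PKCE verifier binds the code exchange to the party that started the flow. Both
    live in the server-side session; only the state and the challenge go in the URL.
    """
    state = secrets.token_urlsafe(32)
    verifier, challenge = make_pkce_pair()
    session["oauth_state"] = state
    session["pkce_verifier"] = verifier
    params = {
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,        # must match the registered value exactly
        "scope": " ".join(SCOPES),
        "state": state,
        "code_challenge": challenge,
        "code_challenge_method": "S256",
    }
    return f"{AUTHORIZE_URL}?{urllib.parse.urlencode(params)}"


def parse_callback(callback_url: str, session: dict) -> str:
    """Step 3, first half: validate the redirect back and return the authorisation code.

    Raises on an error response, a missing or mismatched state (a callback not
    started by this session) or a missing code. The stored state is popped, so a
    replayed callback also fails.
    """
    params = query_params(callback_url)
    if "error" in params:
        raise RuntimeError(f"authorisation denied: {params['error']}")
    expected = session.pop("oauth_state", None)
    received = params.get("state", "")
    if not expected or not secrets.compare_digest(expected.encode(), received.encode()):
        raise PermissionError("state mismatch: callback not bound to this session")
    code = params.get("code", "")
    if not code:
        raise ValueError("callback carried no authorisation code")
    return code


def exchange_code(code: str, session: dict, post=None) -> dict:
    """Step 3, second half: back-channel POST of the code to the token endpoint.

    `post(url, fields)` is injectable so the exchange can be exercised offline; the
    default sends a form-encoded request over HTTPS with urllib.
    """
    body = {
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": REDIRECT_URI,
        "client_id": CLIENT_ID,
        "client_secret": CLIENT_SECRET,
        "code_verifier": session.pop("pkce_verifier"),   # proves we started the flow
    }
    if post is None:
        def post(url, fields):
            data = urllib.parse.urlencode(fields).encode("ascii")
            req = urllib.request.Request(url, data=data, method="POST")
            with urllib.request.urlopen(req, timeout=10) as resp:
                return json.load(resp)
    response = post(TOKEN_URL, body)
    if response.get("token_type", "").lower() != "bearer" or not response.get("access_token"):
        raise RuntimeError(f"unexpected token response: {response}")
    return response


def api_headers(token_response: dict) -> dict:
    """Step 4: present the access token on API calls (RFC 6750 Bearer scheme, assumed)."""
    return {"Authorization": f"Bearer {token_response['access_token']}",
            "Accept": "application/json"}
```

The `session` dict stands in for whatever server-side session store your application uses; the point is that the state and the PKCE verifier are never sent to the user and are consumed on first use, so a forged or replayed callback cannot complete the exchange.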

What you need at the implementation level

This section outlines the key areas you need to understand to implement OAuth 2.0 securely:

1. Getting Set Up

  • Client Registration: Register your OAuth 2.0 client with Pleo. Provide the required details, such as your redirect URI(s) and the API scopes you request; request only the scopes your integration actually needs.
  • Client Configuration: Configure your OAuth 2.0 client with Pleo’s Authorisation Server endpoints and the client identifier issued at registration (and the client secret, if one is issued). Keep those credentials on your server, and use exactly the redirect URI you registered.

2. Implementing OAuth

3. Token Lifecycle

What Comes Next?

FAQs

Integration, application, and OAuth 2.0 client describe different parts of how OAuth 2.0 works in the Pleo platform. The difference between them is explained in the OAuth 2.0 Concepts and Terminology section.