OAuth 2.0
What is OAuth?
OAuth 2.0, or simply OAuth, is an industry standard for secure authorisation of web applications. It allows them to request access to user-owned resources from external resource providers without asking users for their access credentials, such as passwords.
A few important characteristics of OAuth 2.0:
- To grant access, OAuth does not ask for users' credentials.
- OAuth 2.0 also restricts actions: it limits what an external website/application can do with the resources hosted on other websites/applications.
Implementation of OAuth in Pleo
In Pleo, we provide an implementation of an OAuth authorisation server, where we allow Developer Partners to do the following:
- Integrate third-party applications with Pleo.
- Access the Pleo APIs for transferring accounting data of customers recorded in Pleo to the third-party applications.
How to use OAuth?
In order to integrate your application with Pleo using OAuth, you must perform the following:
- Register your application and receive OAuth client credentials - client identifier and client secret.
- Integrate an OAuth client library in your application (recommended) or implement it from scratch.
- Configure your OAuth client to work with Pleo's authorisation server.
After completing these steps, users of your application can successfully and securely transfer data from Pleo.
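The client-side pieces of the steps above, as an added example (not Pleo's code or taken from Pleo's documentation). It assumes the standard OAuth 2.0 authorisation code grant with HTTP Basic client authentication; the endpoint URL, redirect URI, scope and credential values are placeholders.

```python
import base64
import hmac
import os
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Placeholders (assumptions): real values come from your app registration
# and from the authorisation server's documentation.
AUTHORIZE_URL = "https://auth.example.invalid/oauth/authorize"
REDIRECT_URI = "https://app.example.invalid/oauth/callback"
CLIENT_ID = os.environ.get("OAUTH_CLIENT_ID", "constructed-client-id")
CLIENT_SECRET = os.environ.get("OAUTH_CLIENT_SECRET", "constructed-secret")


def build_authorization_request(scope):
    """Return (url, state) for redirecting the resource owner to grant access."""
    state = secrets.token_urlsafe(32)  # ties the callback to this user session
    query = urlencode({"response_type": "code", "client_id": CLIENT_ID,
                       "redirect_uri": REDIRECT_URI, "scope": scope,
                       "state": state})
    return f"{AUTHORIZE_URL}?{query}", state


def handle_callback(callback_url, expected_state):
    """Validate the redirect from the authorisation server; return the code."""
    params = parse_qs(urlparse(callback_url).query)
    if "error" in params:
        raise PermissionError(f"authorisation refused: {params['error'][0]}")
    returned = params.get("state", [""])[0]
    # Constant-time comparison; a mismatch means the callback is not ours.
    if not hmac.compare_digest(returned.encode(), expected_state.encode()):
        raise ValueError("state mismatch")
    if "code" not in params:
        raise ValueError("callback carries no authorisation code")
    return params["code"][0]


def build_token_request(code):
    """Return (headers, body) for the server-to-server token request.
    The client secret is sent only here, never through the browser."""
    basic = base64.b64encode(f"{CLIENT_ID}:{CLIENT_SECRET}".encode()).decode()
    headers = {"Authorization": f"Basic {basic}",
               "Content-Type": "application/x-www-form-urlencoded"}
    body = urlencode({"grant_type": "authorization_code", "code": code,
                      "redirect_uri": REDIRECT_URI})
    return headers, body
```

Keep the client secret in server-side configuration (here, environment variables) and store the generated state in the user's session until the callback arrives.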
Roles
OAuth is a standard designed for access delegation. The following four roles participate in the OAuth protocol (explained here in the context of integrating with Pleo):
- Resource owner: Pleo's customer - a company or an organisation (multi-entity setup) that owns a number of protected resources, such as accounting data, list of employees, etc.
- Resource server: Pleo APIs, which provide access to the protected resources.
- Client: Third-party applications that the Developer Partner wants to integrate with Pleo.
- Authorisation server: Pleo provides an OAuth implementation that fulfils the following:
  - Allows clients to request access to resource servers.
  - Helps resource owners to grant access to clients.