Login endpoint
Your app should include a “Connect with Qonto” link that will point the user to our OAuth authentication endpoint: https://oauth.qonto.com/oauth2/auth.
The user will be redirected to qonto.com and will have to enter their login and password.
Once they are logged in, we will redirect the user back to the redirect_uri you provided in the registration form.
Example:
https://oauth.qonto.com/oauth2/auth?client_id=<Client ID>&redirect_uri=<Redirect URL>&scope=<Scope>&response_type=code&state=123456789
Query parameters
The call to GET https://oauth.qonto.com/oauth2/auth must contain the following query parameters:
client_id: Unique identifier of your application. The value will be provided by Qonto after you complete the initial registration form.
redirect_uri: URL to redirect the user back to your application after they accept the connection of your application with their account.
☝️ redirect_uri needs to be encoded through this tool.
response_type: Type of authentication flow. Only code is supported.
scope: The list of permissions that your application is requesting on the user account. It can be a single scope or several scopes together. In the latter case, the scopes must be written as a space-separated list of values.
Examples:
- Single scope: offline_access
- Multiple scopes: offline_access organization.read payment.write
Use the offline_access scope if you require a refresh token.
Please refer to the API Reference section of this documentation to find which specific scopes are required for the actions you would like to perform. You will find the list of the available scopes here.
state: A security parameter that protects against forgery attacks.
You need to pass a value that is unique to the user authenticating.
At the end of the authentication process, you should compare the received state with the one you provided to make sure they are equal.
organization_id: If you want to restrict the user to connecting to a specific organization, you can pass the organization_id here. If this parameter is present, the user won’t be asked to select an organization during the OAuth flow.
registration_id: Starts the OAuth flow with a pre-selected organization, linked to the registration_id obtained during the onboarding flow. If this parameter is provided, the user won’t be asked to select an organization during the OAuth flow.
Response
Successful response. The user is redirected to https://app.qonto.com/signin.
This is generally due to a wrong client_id.