Query Parameters
Unique identifier of your application. Please sign up to the Developer Portal to get one.
Example: "475670cc-e41a-4baa-8eb6-4329af7d1450"
It represents the list of permissions that your application is requesting on the user account. It can be a single scope or several scopes together. In the latter case, the scopes must be written as a space-separated list of values.
Examples:
- Single scope : "offline_access"
- Multiple scopes: "offline_access organization.read payment.write"
Use the `offline_access` scope if you require a refresh token.
Please refer to the API Reference section of this documentation to find which specific scopes are required for the actions you would like to perform. You will find the list of the available scopes here.
Type of authentication flow. Only `code` is supported.
It is a security parameter to protect against forgery attacks.
You need to pass a value that is unique to the user authenticating. At the end of the authentication process, you should compare the received state with the one you provided to make sure they are equal.
Example: "this-is-my-unique-value"
If you want to restrict the user to connect to a specific organization, you can pass the `organization_id` here. If this parameter is present, then the user won't be asked to select an organization during the OAuth flow.
Example: "1acf250c-a068-47fa-ae9d-032b85c148dc"
Starts the OAuth flow with a pre-selected organization, linked to the `registration_id` obtained during the onboarding flow. If this parameter is provided, then the user won't be asked to select an organization during the OAuth flow.
Example: "a584b060-8c96-488d-8bbb-74f0d3d2803c"
Response
Redirects the user to Qonto in order to get their authorization.
<Warning>Once the user is redirected to your redirect URI, you need to check the received `state` parameter against the one you provided in the request. If they do not match, you should stop the process, as the request might have been forged by a malicious third party.</Warning>
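The state check described above, sketched in Python as an added example (not code from this documentation or from Qonto). It assumes the standard OAuth 2.0 parameter names `client_id`, `redirect_uri`, `response_type`, `scope` and `state`, a placeholder authorization URL, and a plain dict standing in for the user's server-side session.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

# Placeholder, not the real endpoint: take the authorization URL from the API reference.
AUTHORIZE_URL = "https://auth.example.invalid/oauth2/auth"


def build_authorization_url(session, client_id, redirect_uri, scopes):
    """Create a fresh state, bind it to the user's session, return the redirect URL."""
    state = secrets.token_urlsafe(32)  # unpredictable, unique per authentication attempt
    session["oauth_state"] = state     # kept server-side, tied to this user only
    params = {
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "response_type": "code",       # the only flow the page lists as supported
        "scope": " ".join(scopes),     # space-separated list of scopes
        "state": state,
    }
    return AUTHORIZE_URL + "?" + urlencode(params)


def handle_callback(session, callback_url):
    """Return the authorization code only if the received state matches the stored one."""
    query = parse_qs(urlsplit(callback_url).query)
    received = query.get("state", [""])[0]
    expected = session.pop("oauth_state", None)  # single use: a replayed callback fails
    if not expected or not received:
        raise ValueError("missing state")
    # Constant-time comparison avoids leaking how many characters matched.
    if not hmac.compare_digest(expected.encode(), received.encode()):
        raise ValueError("state mismatch, stop the flow")
    codes = query.get("code")
    if not codes:
        raise ValueError("no authorization code in callback")
    return codes[0]
```

Only exchange the returned code for tokens after `handle_callback` succeeds; any `ValueError` means the flow should be abandoned and restarted from the authorization redirect.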