
# Create an Embed Auth Link

> OAuth scope: `embed_auth_link.write`

Allows you to create an Embed Auth Link.

Embed Auth Links allow your customers to seamlessly authenticate to Qonto Embed's Hosted Pages. Authentication works both for Hosted Pages served via redirect and iframe.




## OpenAPI

````yaml post /v1/embed_auth_links
# OpenAPI 3.1 description of the Embed Auth Link creation endpoint.
openapi: 3.1.1
info:
  # NOTE(review): info.version is "v2" while the only path below sits under
  # /v1 - presumably the document version, not the URL prefix; confirm.
  version: v2
  title: Qonto
# Two base URLs are declared. The production host is under qonto.com and the
# sandbox host under qonto.co, so pin both hostnames exactly in client
# configuration and egress allow-lists. Sandbox requests additionally carry the
# X-Qonto-Staging-Token header (see components.parameters). Keep credentials
# per environment: a production token or API key has no reason to be sent to
# the sandbox host.
servers:
  - url: https://thirdparty.qonto.com
    description: Production URL
  - url: https://thirdparty-sandbox.staging.qonto.co
    description: Sandbox URL
# Default security requirement for operations that declare none of their own.
# The two list items are alternatives: an OAuth access token, or the SecretKey
# API key. Under OpenAPI semantics the scopes listed inside one requirement are
# all required together, so read literally this default asks for a token that
# holds every scope below - presumably an artifact of how the page was
# generated rather than the intended policy (TODO confirm).
# The operation on this page declares its own `security` entry (OAuth with
# `embed_auth_link.write` only), which replaces this default; SecretKey is
# therefore not listed as accepted for it.
# NOTE(review): `request_review.read` is listed here but is not declared in the
# OAuth scheme's `scopes` map under components.securitySchemes; one of the two
# lists looks stale.
security:
  - OAuth:
      - organization.read
      - membership.read
      - membership.write
      - attachment.write
      - internal_transfer.write
      - payment.write
      - supplier_invoice.write
      - supplier_invoice.read
      - client_invoices.read
      - client_invoice.write
      - client.read
      - client.write
      - product.read
      - product.write
      - request_review.write
      - request_review.read
      - team.read
      - team.write
      - request_transfers.write
      - insurance_contract.read
      - insurance_contract.write
      - card.read
      - card.write
      - bank_account.write
      - beneficiary.trust
      - webhook
      - payment_link.write
      - payment_link.read
      - sepa_direct_debit.read
      - sepa_direct_debit.write
      - terminal.read
      - terminal.write
  - SecretKey: []
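# Single operation: POST /v1/embed_auth_links creates an Embed Auth Link.
paths:
  /v1/embed_auth_links:
    parameters:
      # Path-level header parameter; it applies to every operation on this path.
      - $ref: '#/components/parameters/X-Qonto-Staging-Token'
    post:
      tags:
        - Embed Auth Links
      summary: Create an Embed Auth Link
      description: >
        OAuth scope: `embed_auth_link.write`


        Allows you to create an Embed Auth Link.


        Embed Auth Links allow your customers to seamlessly authenticate to
        Qonto Embed's Hosted Pages. Authentication works both for Hosted Pages
        served via redirect and iframe.
      operationId: createEmbedAuthLink
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/CreateEmbedAuthLinkRequest'
      # The 200 body carries the link URL. Because the link is what
      # authenticates the customer to the Hosted Pages, the URL should be
      # handled like a short-lived credential: create it server-side, hand it
      # only to the intended user, and keep it out of logs, analytics and
      # support tickets.
      # NOTE(review): no 403 is documented; whether a token that lacks
      # `embed_auth_link.write` is rejected with 401 or another status is not
      # stated here - confirm before mapping errors.
      responses:
        '200':
          description: The embed auth link has been created successfully.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/CreateEmbedAuthLinkResponse'
        '400':
          $ref: '#/components/responses/400-Bad-request'
        '401':
          $ref: '#/components/responses/401-Unauthorized'
        '500':
          $ref: '#/components/responses/500-Internal-Server-Error'
      # Operation-level requirement; it replaces the document-wide default.
      # Only an OAuth access token holding `embed_auth_link.write` is listed,
      # so request that single scope for integrations that only create links.
      security:
        - OAuth:
            - embed_auth_link.write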
components:
  parameters:
    # Header used for sandbox requests only. The schema does not mark it
    # `required`, which matches the description: production calls omit it.
    # The value is a credential for sandbox access, so keep it in server-side
    # configuration or a secret store rather than in source control or
    # browser-delivered code.
    X-Qonto-Staging-Token:
      name: X-Qonto-Staging-Token
      in: header
      description: >-
        Required only for Sandbox API requests; to get one, please sign up to
        the [Developer Portal](https://developers.qonto.com/).
      schema:
        type: string
  schemas:
    # Request body: a wrapper object whose single required member is
    # `embed_auth_link`.
    CreateEmbedAuthLinkRequest:
      type: object
      required:
        - embed_auth_link
      properties:
        embed_auth_link:
          type: object
          # Only `post_authn_action` is required; `callback_url` is optional.
          required:
            - post_authn_action
          properties:
            # Closed allow-list with a single value: the post-authentication
            # destination is selected by name, not supplied as a URL.
            post_authn_action:
              type: string
              enum:
                - create_payment_link
              description: >
                Specifies where the user is redirected on the Hosted Page
                following authentication.


                - `create_payment_link`: The user will be redirected to the
                payment link creation flow.
            # `format: uri` is the only machine-checkable constraint here. The
            # HTTPS and public-TLD rules exist in the prose description only,
            # so validators generated from this schema will not apply them;
            # presumably the server does (TODO confirm).
            # Integrator guidance: send a fixed value taken from configuration
            # that points at a host you control, and do not build it from
            # end-user input, because the user's browser is redirected there.
            # Query parameters and fragments are permitted and will pass
            # through the browser, so do not place secrets in them.
            # NOTE(review): this page describes no signature or state value on
            # the redirect, so a request reaching the callback is not by itself
            # evidence that the action completed - verify the outcome through
            # the API.
            callback_url:
              type: string
              format: uri
              example: https://your-website.com/callback
              description: >
                The URL to which the user will be redirected upon completion of
                the action.


                A valid callback URL must:

                - Use the HTTPS scheme

                - Include a valid public top-level domain (TLD)


                The following are also permitted:

                - Subdomains

                - Explicit custom ports (e.g., 8080)

                - Path segments, query parameters, and fragments
    # Response envelope: the created link is returned under `embed_auth_link`.
    CreateEmbedAuthLinkResponse:
      type: object
      required:
        - embed_auth_link
      properties:
        embed_auth_link:
          $ref: '#/components/schemas/EmbedAuthLink'
    # The link resource. All five properties are listed as required.
    EmbedAuthLink:
      type: object
      required:
        - url
        - post_authn_action
        - callback_url
        - expired_at
        - used_at
      properties:
        # The example shows an identifier (a UUID) in the URL path, so the
        # URL as a whole is presumably what lets its holder authenticate.
        # Treat it as sensitive: avoid logging it, avoid sending it over
        # channels other than the one to the intended user, and avoid
        # embedding it in pages where it can leak through the Referer header.
        url:
          type: string
          description: The URL of the embed auth link.
          example: >-
            https://embed.qonto.com/embed-auth-link/b079da82-0226-41a6-a39a-95b16c288915
        post_authn_action:
          type: string
          enum:
            - create_payment_link
          description: >-
            Specifies where the user is redirected on the Hosted Page following
            authentication.
        # NOTE(review): listed as required in the response although it is
        # optional in the request; what is returned when the caller sent no
        # callback_url is not stated here - confirm.
        callback_url:
          type: string
          format: uri
          description: >-
            The URL to which the user will be redirected upon completion of the
            action.
          example: https://your-website.com/callback
        # Expiry timestamp. The lifetime of a link is not stated on this
        # page; create links just before they are needed instead of caching
        # them.
        expired_at:
          type: string
          format: date-time
          description: >-
            The date and time when the embed auth link will expire, formatted as
            an ISO 8601 date-time string.
        # NOTE(review): required and typed as a plain string, yet a link that
        # was just created has presumably not been used. Confirm what the API
        # returns at creation time; a null value would need
        # `type: [string, 'null']` in OpenAPI 3.1, otherwise strict clients
        # can fail on deserialization. Whether a used link is rejected on a
        # second visit is also not stated here.
        used_at:
          type: string
          format: date-time
          description: >-
            The date and time when the embed auth link was used, formatted as an
            ISO 8601 date-time string.
    # Error envelopes: both wrap a required `errors` array.
    BadRequestResponseBody:
      type: object
      properties:
        errors:
          type: array
          items:
            $ref: '#/components/schemas/BadRequestError'
      required:
        - errors
    UnauthorizedResponseBody:
      type: object
      properties:
        errors:
          type: array
          items:
            $ref: '#/components/schemas/UnauthorizedError'
      required:
        - errors
    # One 400 error entry. `code` and `detail` are required; `source` is
    # optional and points at the offending body property or query parameter.
    # Clients should branch on `code`; `detail` is free text for humans.
    BadRequestError:
      type: object
      properties:
        code:
          type: string
          description: Error code.
        detail:
          type: string
          description: Human readable error that explains error `code`.
        source:
          type: object
          properties:
            pointer:
              type: string
              description: >-
                The property in the request body that caused the error
                (optional).
            parameter:
              type: string
              description: The query parameter that caused the error (optional).
      required:
        - code
        - detail
      # `x-examples` is a vendor extension, not a standard OpenAPI keyword.
      x-examples:
        Authorization field missing:
          code: bad_request
          detail: Authorization field missing
    # One 401 error entry.
    # NOTE(review): the example code here (`unauthorized`) differs from the
    # codes shown in the 401 response examples under components.responses
    # (`authorization_header_missing`, `authorization_token_invalid`). Do not
    # hard-code a single value when detecting authentication failures; rely
    # on the HTTP status first.
    UnauthorizedError:
      type: object
      properties:
        code:
          type: string
          description: Error code.
        detail:
          type: string
          description: Human readable error that explains error `code`.
      required:
        - code
        - detail
      x-examples:
        Invalid credentials:
          code: unauthorized
          detail: Invalid credentials
  responses:
    # NOTE(review): the only 400 example is a missing Authorization field,
    # while the 401 examples also cover a missing authorization header. Going
    # by these examples a request without credentials may surface as either
    # status, so treat both as authentication failures and do not retry them
    # with the same credentials.
    400-Bad-request:
      description: Returns a bad request error.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/BadRequestResponseBody'
          examples:
            Authorization field missing:
              value:
                errors:
                  - code: bad_request
                    detail: Authorization field missing
    # Two documented causes: no authorization header, or an invalid token.
    401-Unauthorized:
      description: Returns an unauthorized error.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/UnauthorizedResponseBody'
          examples:
            authorization_header_missing:
              value:
                errors:
                  - code: authorization_header_missing
                    detail: authorization header missing
            authorization_token_invalid:
              value:
                errors:
                  - code: authorization_token_invalid
                    detail: authorization token invalid
    # No body schema is declared for 500, so clients should not assume a
    # parseable error payload. Idempotency of the POST is not described on
    # this page; a blind retry after a 500 may create a second link.
    500-Internal-Server-Error:
      description: Returns an internal server error.
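  # Two credential types are declared. Both travel in the `Authorization`
  # request header, so that header must be redacted from request logs, traces
  # and error reports.
  securitySchemes:
    # OAuth 2.0 authorization-code flow. The authorization, token and refresh
    # endpoints are all on oauth.qonto.com; clients should pin that host.
    OAuth:
      type: oauth2
      description: >
        Bearer authorization header: `Bearer <token>`, where `<token>` is the
        access token received from the authorization server at the end of the
        [OAuth 2.0
        flow](/get-started/business-api/authentication/oauth/oauth-flow).
      flows:
        authorizationCode:
          refreshUrl: https://oauth.qonto.com/oauth2/token
          authorizationUrl: https://oauth.qonto.com/oauth2/auth
          # Full scope catalogue. Request the narrowest set an integration
          # needs: creating Embed Auth Links needs `embed_auth_link.write`
          # only, whereas scopes such as `payment.write`,
          # `internal_transfer.write` and `international_transfer.write`
          # authorize money movement. `offline_access` yields a refresh token,
          # which outlives access tokens and belongs in server-side secret
          # storage only.
          scopes:
            attachment.read: Retrieve attachments
            attachment.write: Upload attachments and remove attachments from transactions
            bank_account.write: Create, update and close bank accounts
            beneficiary.trust: Trust SEPA beneficiaries
            card.read: Retrieve cards
            card.write: Create or update cards
            client.read: Retrieve clients
            client.write: Create clients
            client_invoice.write: Create client invoices
            client_invoices.read: Retrieve client invoices and credit notes
            einvoicing.read: Retrieve e-invoicing settings
            embed_auth_link.write: Create Embed auth links
            insurance_contract.read: Retrieve insurance contracts
            insurance_contract.write: Create and update insurance contracts
            internal_transfer.write: >-
              Create internal transfers (between 2 Qonto accounts of the same
              organization)
            international_transfer.write: Create international transfers
            membership.read: Retrieve the authenticated membership
            membership.write: Invite team members
            offline_access: Retrieve a refresh token
            organization.read: >-
              Retrieve organization, bank accounts, transactions, transfers,
              beneficiaries, labels, memberships, requests & statements
            payment.write: Create external transfers and untrust beneficiaries
            payment_link.read: >-
              Retrieve payment links, their payments, and the available payment
              methods
            payment_link.write: >-
              Connect to the payment links provider, create and deactivate
              payment links
            product.read: Retrieve products
            product.write: Create products
            request_cards.write: Create card requests
            request_review.write: Approve or decline requests
            request_transfers.write: Create transfer requests
            sepa_direct_debit.read: View SEPA Direct Debit payments
            sepa_direct_debit.write: Manage SEPA Direct Debit payments
            supplier_invoice.read: Retrieve supplier invoices
            supplier_invoice.write: Create supplier invoices
            team.read: Retrieve teams
            team.write: Create teams
            terminal.read: View your payment terminals
            terminal.write: Configure your terminals and initiate payments
            webhook: >-
              Receive a notification each time a particular event occurs in
              Qonto
          tokenUrl: https://oauth.qonto.com/oauth2/token
    # API key sent in the `Authorization` header; the exact value format is
    # covered by the linked API key page, not here. It carries no scopes in
    # this document, and the operation on this page does not list it as an
    # accepted credential.
    SecretKey:
      type: apiKey
      description: cf. [API key](/get-started/business-api/authentication/api-key)
      name: Authorization
      in: header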

````