The OAuth flow

Step by step
Resources

Once the user has granted you access to his account you will be able to get a token that can be use to access Qonto API on his behalf.

Step by step

Authorize

The first step is to redirect the user to the Qonto OAuth server.The Qonto user will be invited to authenticate. Oauth 2 flow

Then they will have to allow your application to access one of the organizations they are part of. Oauth 2 flow

cf. this endpoint for a technical description of this step.

Exchange the authorization code for an access token

Once user has granted access to his account, he will be rederected to your application via your redirect_uri with a temporary authorization code.On your backend, you will have to exchange this code for an access_token.cf. this endpoint for a technical description of this step.

Use your access token

To perform authenticated requests on the Qonto API, you will have to provide the access_token in the Authorization header, as describe in this example:

curl GET 'https://thirdparty.qonto.com/organization' \
--header 'Accept: application/json' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer _YOUR_ACCESS_TOKEN_' \
    
Response: 200
{
    "organization": { ... }
}

Resources

If you need to understand better the OAuth flow: Postman visual flow.
If you need more details about OAuth 2.0: Official documentation.

TPP identification through PSD2 QSeal certificate Available scopes

⌘I

General

Business API

Onboarding API

SDKs & Libraries

The OAuth flow

Step by step

Authorize

Exchange the authorization code for an access token

Use your access token

Resources

General

Business API

Onboarding API

SDKs & Libraries

​Step by step

Authorize

Exchange the authorization code for an access token

Use your access token

​Resources

Step by step

Resources