OAuth 2.0
The OAuth flow
OAuth 2.0 is a protocol that lets your app request access to a Qonto user account without getting their password. Your app can ask for specific permissions that the user will be able to review and validate.
Once the user has granted you access to his account you will be able to get a token that can be use to access Qonto API on his behalf.
Step by step
1
Authorize
The first step is to redirect the user to the Qonto OAuth server.The user will be invited to authenticate.
Then he will have to to allow your application to access his account.
See the Login endpoint documentation for a detailed description of this step.
Then he will have to to allow your application to access his account.See the Login endpoint documentation for a detailed description of this step.2
Exchange the verification code for an access token
Once user has granted access to his account, he will be rederected to your application via your
redirect_uri with a temporary authorization code.On your backend, you will have to exchange this code for an access_token.See the Token endpoint documentation for a detailed description of this step.3
Use your access token
To perform authenticated requests on the Qonto API, you will have to provide the
access_token in the Authorization header, as describe in this example:Resources
- If you need to understand better the OAuth flow: Postman visual flow.
- If you need more details about OAuth 2.0: Official documentation.