About OAuth
Use Curlec OAuth to integrate your applications and securely access client resources via token-based authentication.
OAuth or Open Authorisation is an authorisation standard that allows applications to access resources hosted by other web apps on behalf of a user. For example, using OAuth, you can permit CricBuzz to access your Facebook profile without sharing your password. Your Facebook password will remain safe if CricBuzz faces a security breach.
Curlec OAuth is a token-based authentication method where the third party obtains an access token with your consent without you having to compromise your API key secret. OAuth gives the control in your hands to decide which application can access what level of resources within your Curlec account.
An online accounting software company, Acme Corp, wants to provide accounting services to a Curlec merchant, ABC.
Acme Corp. should be registered as a third-party application with Curlec to create credentials (client_id
and secret
) that authenticates the application on Curlec. When ABC wants to use the Acme Corp application, it should:
- Sign in with Curlec on the Acme Corp application.
- Provide approvals that allow the application to access protected resources.
ABC can start using the application only after it completes the above process.
- Sign up with Curlec as a Technology Partner by reaching out to our . You require this to register your application on the Curlec Dashboard.
- A front-end interface for your app with a button redirecting the user to the Curlec OAuth page.
- A redirect URL pointing to your application. Curlec will redirect users to this URL.
Given below is the overall flow:
- The sub-merchant logs in to the application.
- The sub-merchant clicks Connect with Curlec and is shown the authorisation page. The sub-merchant clicks Authorize to proceed.
- The application redirects to the Curlec authorisation URL. This URL requests the sub-merchant's approval for granting access to the requested resource on Curlec.
- The user is shown the approval page where they can accept or reject the grant of this access.
- After the user approves or rejects the request, Curlec redirects to the
redirect_url
specified.- If approved, an
authorization_code
is included as a query parameter. - If denied, the error reason is sent in the query parameter.
- If approved, an
- On approval, the application requests an
access_token
in exchange for theauthorization_code
. - The application can use the
access_token
to access Curlec APIs on behalf of the sub-merchant.
Was this page helpful?