About OAuth
Use OAuth to integrate your applications and securely access Razorpay and RazorpayX client resources via token-based authentication.
OAuth or Open Authorisation is an authorisation standard that allows applications to access resources hosted by other web apps on behalf of a user. For example, using OAuth, you can permit CricBuzz to access your Facebook profile without sharing your password. Your Facebook password will remain safe if CricBuzz faces a security breach.
Razorpay OAuth is a token-based authentication method in which a third party obtains an access token with your consent, without you having to expose your API key secret. OAuth lets you decide which application can access what level of resources within your Razorpay account.
An online accounting software company, Acme Corp, wants to provide accounting services to a Razorpay merchant, ABC.
Acme Corp should be registered as a third-party application with Razorpay to create credentials (`client_id` and `secret`) that authenticate the application on Razorpay. When ABC wants to use the Acme Corp application, it should:
- Sign in with Razorpay on the Acme Corp application.
- Provide approvals that allow the application to access protected resources.
ABC can start using the application only after it completes the above process.
- Sign up with Razorpay as a Technology Partner by reaching out to our . You require this to register your application on the Razorpay Dashboard.
- A front-end interface for your app with a button redirecting the user to the Razorpay OAuth page.
- A redirect URL pointing to your application. Razorpay will redirect users to this URL.
The following diagram explains the OAuth flow:
Given below is the overall flow:
- The sub-merchant logs in to the application.
- The sub-merchant clicks Connect with Razorpay and is shown the authorisation page. The sub-merchant clicks Authorize to proceed.
- The application redirects to the Razorpay authorisation URL. This URL requests the sub-merchant's approval for granting access to the requested resource on Razorpay.
- The user is shown the approval page where they can accept or reject the grant of this access.
- After the user approves or rejects the request, Razorpay redirects to the `redirect_url` specified.
  - If approved, an `authorization_code` is included as a query parameter.
  - If denied, the error reason is sent in the query parameter.
- On approval, the application requests an `access_token` in exchange for the `authorization_code`.
- The application can use the `access_token` to access Razorpay APIs on behalf of the sub-merchant.
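The redirect step in the flow above, sketched as an added example (not Razorpay's code): the application classifies the redirect as approved, denied or invalid before it exchanges anything. It assumes the redirect uses the RFC 6749 parameter names `code`, `error` and `state`, which this page does not list; the `acme.example` URLs and all values are constructed.

```python
import hmac
import secrets
from urllib.parse import urlsplit, parse_qs

# Assumption: query parameter names follow RFC 6749 (code, error, state).
# Confirm the exact names against the Razorpay API reference.


def new_state() -> str:
    """Unguessable value stored in the user's session and sent with the
    authorisation request, so the redirect can be tied back to that session."""
    return secrets.token_urlsafe(32)


def handle_redirect(callback_url: str, expected_state: str) -> dict:
    """Classify the redirect received at redirect_url."""
    params = parse_qs(urlsplit(callback_url).query)
    state = params.get("state", [""])[0]
    # A redirect that this session did not start (missing or wrong state)
    # is rejected before the code is looked at: this blocks login CSRF.
    if not expected_state or not hmac.compare_digest(
        state.encode(), expected_state.encode()
    ):
        return {"status": "invalid", "reason": "state mismatch"}
    # Denied: the error reason arrives as a query parameter.
    if "error" in params:
        return {"status": "denied", "reason": params["error"][0]}
    # Approved: exactly one non-empty authorization_code is expected.
    codes = params.get("code", [])
    if len(codes) != 1:
        return {"status": "invalid", "reason": "missing or repeated code"}
    return {"status": "approved", "authorization_code": codes[0]}


if __name__ == "__main__":
    state = new_state()
    base = "https://acme.example/oauth/callback"  # constructed redirect_url
    for query in (
        f"code=SAMPLE_CODE&state={state}",       # sub-merchant approved
        f"error=access_denied&state={state}",    # sub-merchant rejected
        "code=SAMPLE_CODE&state=forged",         # not started by this session
    ):
        print(handle_redirect(f"{base}?{query}", state))
```

Only an `approved` result should lead to the server-side exchange for an `access_token`, where the client secret stays on the application's backend.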