OAuth 2.0 provides a more simplified client-developer flows from its predecessor and lets you securely grant access to third-party applications or aggregators to integrate and access Razorpay merchant resources, via token-based authentication.
For example, an online accounting software company, Acme Corp. that wants to provide accounting and bookkeeping services to a Razorpay merchant (or the user).
Acme Corp. has to be registered as a third party application with Razorpay first, to create credentials (
secret) that authenticates the application on Razorpay. Now, when the user wants to use Acme Corp. application, he or she is asked to sign in to Razorpay on the application, approve permissions allowing the application to access protected resources and only then proceed with using the application. This is provided via a number of requests and responses that are generated as a part of the OAuth model.
While the OAuth flow is fairly straightforward, you will need to have the following ready:
- Signup with Razorpay. This is required for registering your application on Razorpay Dashboard.
- Front-end interface to connect with Razorpay. This could be a button on your UI that points to Razorpay's OAuth page.
- A Redirect URL pointing to your application - Razorpay will redirect users to this URL.
At a high level, the following steps are required to get started with integrating your
third-party application via Razorpay OAuth:
- Create an Application: Register your application on Razorpay to receive client credentials (
- Authorization: This is the process of requesting a Razorpay merchant to grant your client access.
Details on each of the steps mentioned above are provided in the following sections. process of requesting a Razorpay merchant to grant your client access.
Details on each of the steps mentioned above are provided in the following sections.