In this guide, you will learn how to register your client application with SumUp and obtain OAuth client credentials for it. You will go through the following steps:
- Open the Developers page
- Configure the Consent screen
- Create OAuth client credentials
- Access your client credentials
When you complete these steps, you will have a JSON file with the client credentials for each of your registered applications. You can then use one of the OAuth2 authorization flows to obtain an access token for a registered application and start interacting with the SumUp REST API.
Before you begin
Here are the things that you need in order to complete the steps in this guide:
- You have a merchant account with SumUp and have already filled in your account details.
- For a test account reach out to our support team through this contact form.
- You have the following information available:
- Your application name.
- One or more redirection URIs for registering with SumUp. We will use a registered URI to redirect users to your application after authentication and to send you the authorization codes for obtaining access tokens via the OAuth2 Authorization Code Flow.
1. Open the Developers page
2. Configure the Consent screen
On the Developers page, go to the Consent screen section shown below and fill in all available details. The required fields in this section are the Product name for your application and the Home page URL to your website.
The information you provide in the consent screen section is displayed to SumUp merchant users when you request access to their user account data. You can see a preview of how the information is presented to users in the section describing the OAuth2 Authorization Code Flow.
Click Save to store the provided information.
3. Create OAuth client credentials
This step is also covered in this video guide.
On the Developers page, go to the OAuth - Create Client Credentials section and click Create client credentials. You will see the dialog window shown below.
You need to provide the following details:
|Application type||Yes||The type of your client application. You can select from the following options: Web Android iOS Other|
|Client name||Yes||A descriptive name for your client application.|
|Authorized redirect URI||Yes||A redirection URI that you want to register for your client application. When merchant users authenticate with SumUp and authorize your client app to access their account data, they are redirected to this path in your application. To specify more than one redirection URI for the client application, separate each URI with a comma.|
Click Save to store the provided application details and to generate your client credentials. In the OAuth - Create Client Credentials section, you will see an entry with the name, type, and client ID of your registered application.
You can register as many client applications as you need. To register another application, repeat this step.
4. Access your client credentials
For each registered application, you see a separate entry in the OAuth - Create Client Credentials section, as shown below.
For security reasons, client secret keys for your registered applications are not displayed in the OAuth - Create Client Credentials section.
To access the full details of the generated client credentials for an app, use the download link in the JSON column for the app entry. This triggers the download of a JSON file with the full client credential details for your application.
Following is a listing of the JSON file with the client credentials for the sample SA web client application.
"name": "SA web client",
Make sure to store your client secret keys securely and never reveal them publicly. If you suspect that the secret key for an application has been compromised, contact us immediately.
You have registered at least one client application and have generated and downloaded your OAuth client credentials for it.
You can now use one of the OAuth2 authorization flows to obtain an access token and start making payments with either a payment card entered by a customer or with a token for a saved payment card that is associated with a saved customer.