Register your application
In order to integrate an external application with SumUp's ecosystem, you have to register an OAuth application and generate the client credentials which are used to make OAuth-authenticated requests on behalf of your application. You can see more on OAuth2 authorization flows, which explain how to request an access token that is used to obtain permission to protected resources within SumUp's API.
In this guide, you will learn how to register a client application and obtain OAuth client credentials for it. You will go through the following steps:
- Log in to your account
- Create an OAuth application
- Generate the client credentials
- Access the client credentials
Before you begin
Here are the things that you need in order to complete the steps in this guide:
- You have a merchant account with SumUp and have already filled in your account details.
- For a test account reach out to our support team through this contact form.
- You have the following information available:
- Your application name.
- One or more redirection URIs for registering with SumUp. We will use a registered URI to redirect users to your application after authentication and to send you the authorization codes for obtaining access tokens via the OAuth2 Authorization Code Flow.
1. Log in to your account
Log in to your SumUp account. Once logged in, Account will appear in place of the Log in button on the top right corner of the page.
2. Create an OAuth application
Navigate to the OAuth Apps page. This page allows you to create and edit OAuth applications.
Click on Create application at the bottom right of the page to define your application.
Describe your application and provide its homepage. Click Register application to complete.
It's possible to edit the registered application details by clicking on it. The editing page allows to update the initial data and include optional information such as a "Logo", "Terms & Conditions" and "Privacy policy" urls. Additionally, it's possible to specify the scope of access to your own merchant information. Each scope includes a short description of what it would give access to if selected.
The information provided in this section is showed to users when requesting access to their SumUp account data. To read more about how this information is presented see our OAuth2 Authorization Code Flow.
3. Generate the client credentials
On the OAuth Apps page, click on a registered application. At the bottom of the page click on Create client secret to begin.
Click on Create client secret and the following form will be presented.
Provide the following details:
Name | Required | Description |
---|---|---|
Client name | Yes | A descriptive name for your client application. |
Application type | Yes | The type of your client application. You can select from the following options: Web, Android, iOS, Other |
Authorized redirect URL | Yes | A redirect URL that you want to register for your client application. When merchant users authenticate with SumUp and authorize your client app to access their account data, they are redirected to this path in your application. To specify more than one redirection URL for the client application, separate each URL with a comma. |
Authorized JavaScript Origin | No | The origin URI of your client application. SumUp allows Cross-Origin Resource Sharing (CORS) across various domains from the browser and is available for type web applications only. The value allows your client application to request resources from SumUp servers. |
Click Save to generate the client credentials. In the Client secrets section, you will see an entry with the name, application type, and client ID of each generated credential.
4. Access the client credentials
Once the client credentials have been created, they will be displayed in the Client credentials section of your OAuth application's settings (see screenshot).
Use the download button to access a JSON file with the full client credential details for the current application. Below you can see an example:
{
"id": "CCCFAXYD",
"name": "SA web client",
"client_id": "fOcmczrYtYMJ7Li5GjMLLcUeC9dN",
"client_secret": "717bd571b54297494cd7a79b491e8f2c1da6189c4cc2d3481380e8366eef539c",
"application_type": "web",
"redirect_uris": ["https://sample-app.example.com/callback"]
}
Result
You have registered at least one client application and have generated and downloaded your OAuth client credentials for it.
You can now use one of the OAuth2 authorization flows to obtain an access token and start making payments with either a payment card entered by a customer or with a token for a recurring payment.