Register your application

To integrate an external application with SumUp's ecosystem, you have to register an OAuth application and generate the client credentials that are used to make OAuth-authenticated requests on behalf of your application. For more detail, see the OAuth2 authorization flows, which explain how to request the access token that grants permission to protected resources within SumUp's API.

In this guide, you will learn how to register a client application and obtain OAuth client credentials for it. You will go through the following steps:

  1. Log in to your account
  2. Create an OAuth application
  3. Generate the client credentials
  4. Access the client credentials

Before you begin

Here are the things that you need in order to complete the steps in this guide:

  • You have a merchant account with SumUp and have already filled in your account details.
    • For a test account, reach out to our support team through this contact form.
  • You have the following information available:
    • Your application name.
    • One or more redirection URIs for registering with SumUp. We will use a registered URI to redirect users to your application after authentication and to send you the authorization codes for obtaining access tokens via the OAuth2 Authorization Code Flow.

1. Log in to your account

Log in to your SumUp account. Once logged in, Account will appear in place of the Log in button on the top right corner of the page.

2. Create an OAuth application

Navigate to the OAuth Apps page. This page allows you to create and edit OAuth applications.

Click on Create application at the bottom right of the page to define your application.

Create OAuth App screen

Describe your application and provide its homepage. Click Register application to complete.

You can edit the registered application details by clicking on the application. The editing page allows you to update the initial data and include optional information such as "Logo", "Terms & Conditions" and "Privacy policy" URLs. Additionally, you can specify the scope of access to your own merchant information. Each scope includes a short description of what it would give access to if selected.

Edit OAuth App screen

The information provided in this section is shown to users when requesting access to their SumUp account data. To read more about how this information is presented, see our OAuth2 Authorization Code Flow.

3. Generate the client credentials

On the OAuth Apps page, click on a registered application. At the bottom of the page click on Create client secret to begin.

The following form is presented:

Create new OAuth App credentials form

Provide the following details:

  • Client name (required): A descriptive name for your client application.
  • Application type (required): The type of your client application. You can select from the following options: Web, Android, iOS, Other.
  • Authorized redirect URL (required): A redirect URL that you want to register for your client application. When merchant users authenticate with SumUp and authorize your client app to access their account data, they are redirected to this path in your application. To specify more than one redirection URL for the client application, separate each URL with a comma.
  • Authorized JavaScript Origin (optional): The origin URI of your client application. SumUp allows Cross-Origin Resource Sharing (CORS) across various domains from the browser; this option is available for applications of type Web only. The value allows your client application to request resources from SumUp servers.

Click Save to generate the client credentials. In the Client secrets section, you will see an entry with the name, application type, and client ID of each generated credential.

4. Access the client credentials

Once the client credentials have been created, they will be displayed in the Client credentials section of your OAuth application's settings (see screenshot).

OAuth client credentials section

Use the download button to access a JSON file with the full client credential details for the current application. Below you can see an example:

  {
    "id": "CCCFAXYD",
    "name": "SA web client",
    "client_id": "fOcmczrYtYMJ7Li5GjMLLcUeC9dN",
    "client_secret": "717bd571b54297494cd7a79b491e8f2c1da6189c4cc2d3481380e8366eef539c",
    "application_type": "web",
    "redirect_uris": [""]
  }
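
The downloaded file contains the client secret in clear text, so it is worth checking before it is deployed. The following is an added example, not SumUp's code: it audits a credentials file with the fields shown above, flagging POSIX file permissions that expose the secret to other local users and web redirect URIs that are not absolute, not HTTPS, or contain a fragment or wildcard. The rules are assumptions drawn from general OAuth 2.0 guidance rather than SumUp's own validation, and `check_redirect_uri`, `audit_credentials` and `demo` are hypothetical names.

```python
import json
import os
import tempfile
from urllib.parse import urlsplit

REQUIRED_KEYS = ("id", "name", "client_id", "client_secret",
                 "application_type", "redirect_uris")  # fields in the page's example
LOOPBACK = {"localhost", "127.0.0.1", "::1"}  # plain http tolerated for local dev


def check_redirect_uri(uri):
    """Return the problems found in one web redirect URI (empty list = OK)."""
    parts = urlsplit(uri)
    if not parts.scheme or not parts.hostname:
        return ["not an absolute URI"]
    problems = []
    if parts.scheme != "https" and parts.hostname not in LOOPBACK:
        problems.append("not https")
    if parts.fragment or "*" in uri:
        problems.append("contains a fragment or wildcard")
    return problems


def audit_credentials(path):
    """Load the downloaded JSON file and return (credentials, findings)."""
    mode = os.stat(path).st_mode & 0o777  # POSIX permission bits
    findings = [f"file mode {mode:o} is accessible beyond the owner"] if mode & 0o077 else []
    with open(path, encoding="utf-8") as fh:
        creds = json.load(fh)
    findings += [f"missing field: {k}" for k in REQUIRED_KEYS if k not in creds]
    if creds.get("application_type") == "web":  # assumption: URI rules for web clients only
        for uri in creds.get("redirect_uris", []):
            findings += [f"redirect URI {uri!r}: {p}" for p in check_redirect_uri(uri)]
    return creds, findings


def demo(redirect_uris, mode):
    """Audit a constructed credentials file (placeholder values, not real ones)."""
    sample = dict.fromkeys(REQUIRED_KEYS, "placeholder")
    sample.update(application_type="web", redirect_uris=redirect_uris)
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "credentials.json")
        with open(path, "w", encoding="utf-8") as fh:
            json.dump(sample, fh)
        os.chmod(path, mode)
        return audit_credentials(path)[1]


if __name__ == "__main__":
    print("\n".join(demo(["http://shop.example/cb", ""], 0o644)))
```

An empty findings list means the file passed every check; run `audit_credentials` against the real download before copying it to a server or secrets store.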


You have registered at least one client application and have generated and downloaded your OAuth client credentials for it.

You can now use one of the OAuth2 authorization flows to obtain an access token and start making payments with either a payment card entered by a customer or with a token for a recurring payment.