Register OAuth 2.0 Application
Register an OAuth application to integrate with SumUp and generate client credentials for OAuth-authenticated requests. See OAuth2 authorization flows for details on obtaining access tokens for protected API resources.
This guide covers registering a client application and obtaining credentials through these steps:
- Log in to your account
- Create an OAuth application
- Generate client credentials
- Access client credentials
Prerequisites
- A SumUp merchant account with completed account details (or a test account)
- Your application name
- One or more redirect URIs, used to redirect users after authentication and to deliver authorization codes in the OAuth2 Authorization Code Flow.
1. Log in to Your Account
Log in to your SumUp account. Your account name (first name + last name) then replaces the Log in button in the top-right corner.
2. Create an OAuth Application
- Navigate to Account > Settings > For Developers > OAuth2 Apps. This page allows you to create and edit OAuth applications.
- Click on Create application to define your application.
  Describe your application and provide its homepage. Click Register application to complete.
  Edit details by clicking the application. Update initial data and add optional items like logo, Terms & Conditions, and Privacy Policy URLs.
- Under Scopes, specify the authorization scopes for your app. Scopes represent the access rights of the app once consent is granted by the user.
  The app requests user consent to access their data in line with the scopes granted here. For detailed information, see OAuth2 Authorization Code Flow.
3. Generate Client Credentials
On the OAuth2 Apps page, click on a registered application. Go to the Client credentials tab.
Click on Create client secret to open the following form:
Provide the following details:
| Name | Required | Description |
|---|---|---|
| Client name | Yes | A descriptive name for your client application. |
| Application type | Yes | Type: Web, Android, iOS, or Other. |
| Authorized redirect URL | Yes | Redirect URL for post-authentication. When merchant users authenticate with SumUp and authorize your client app to access their account data, they are redirected to this path in your application. You can add multiple URLs; separate with a comma. |
| Authorized JavaScript Origin | No | The origin URI of your client application. SumUp allows Cross-Origin Resource Sharing (CORS) across various domains from the browser; this option is available for applications of type Web only. The value allows your client application to request resources from SumUp servers. |
Click Save to generate the client credentials. In the Client secrets section, you will see an entry with the name, application type, and client ID of each generated credential.
4. Access Client Credentials
Once created, credentials appear in the Client credentials section of your OAuth application’s settings (see screenshot).
Use the download button to access a JSON file with the full client credential details for the current application. Below you can see an example:
```json
{
  "id": "CCCFAXYD",
  "name": "SA web client",
  "client_id": "fOcmczrYtYMJ7Li5GjMLLcUeC9dN",
  "client_secret": "717bd571b54297494cd7a79b491e8f2c1da6189c4cc2d3481380e8366eef539c",
  "application_type": "web",
  "redirect_uris": ["https://sample-app.example.com/callback"]
}
```
Result
You have registered a client application and downloaded OAuth client credentials.
You can now use one of the OAuth2 authorization flows to obtain an access token and start making payments with either a payment card entered by a customer or with a token for a recurring payment.
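The credentials file downloaded in step 4 holds the client secret in clear text, so an application should check it before use. The loader below is an added example, not SumUp's code: it refuses a file that other local users can access and redirect URIs that are not HTTPS (loopback excepted). The function names, the sample values and the policy itself are assumptions of this example, not SumUp requirements.

```python
import json
import os
import stat
import tempfile
from urllib.parse import urlsplit

# Constructed sample in the shape of the downloaded file; all values are placeholders.
SAMPLE = {"id": "EXAMPLEID", "name": "demo client", "client_id": "example-client-id",
          "client_secret": "example-secret-not-real", "application_type": "web",
          "redirect_uris": ["https://sample-app.example.com/callback"]}
REQUIRED = ("client_id", "client_secret", "application_type", "redirect_uris")

def redacted(creds):
    """Return a copy that is safe to log: the client secret is masked."""
    return {**creds, "client_secret": "***"}

def redirect_uri_problem(uri):
    """Return why a URI is unsafe as a redirect target, or None if acceptable."""
    parts = urlsplit(uri)
    if parts.fragment:
        return "contains a fragment"
    if parts.scheme == "https" and parts.hostname:
        return None
    if parts.scheme == "http" and parts.hostname in ("localhost", "127.0.0.1"):
        return None  # loopback only, for local development
    return "is not https"

def load_credentials(path):
    """Parse the file; reject lax file permissions (POSIX) and unsafe redirect URIs."""
    if os.stat(path).st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise PermissionError(f"{path} is accessible to group/other; chmod 600 it")
    with open(path, encoding="utf-8") as fh:
        data = json.load(fh)
    missing = [k for k in REQUIRED if not data.get(k)]
    if missing:
        raise ValueError(f"missing fields: {missing}")
    for uri in data["redirect_uris"]:
        problem = redirect_uri_problem(uri)
        if problem:
            raise ValueError(f"redirect URI {uri!r} {problem}")
    return data

if __name__ == "__main__":
    fd, path = tempfile.mkstemp(suffix=".json")  # mkstemp creates the file with mode 0600
    with os.fdopen(fd, "w") as fh:
        json.dump(SAMPLE, fh)
    print(redacted(load_credentials(path)))
    os.remove(path)
```

Keep the downloaded file out of version control, and log only the output of `redacted()`.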