Search…
Welcome
Merchant API
Authentication
Card linking Receipt API
Token Receipt API
Partner App API
Authentication
OAuth2 Flow
GET Receipt
Notifications
Issuers
Issuer flow
Bank Piloting
Filetypes
ReceiptHero JSON
Finvoice XML eReceipt
Support
Slack channel
Others
Changelog
Powered By GitBook
OAuth2 Flow
Overview of the flow OAuth2 Flow ReceiptHero

Get an authorization code

Initiate the flow by redirecting the user to the ReceiptHero consent page.
Redirect
1
https://dev.receipthero.io/auth?response_type=code&client_id={CLIENT_ID_HERE}&redirect_uri=https%3A%2F%2Freceipthero.io%2Fcallback&scope=receipt%3Awrite&state=cmVjZWlwdGhlcm9yb2Nrcw==
Copied!
If the user approves the request then the authorization server will redirect the user to the redirect URI defined in the request.
Scopes
Scope
Description
receipt:write
Sending receipts to the ReceiptHero system
receipt:read
Reading receipts from the ReceiptHero system
State
Parameter
Type
Description
message
string
Custom message
partner_metadata
object
Optional Partner defined key-value pairs for carrying relevant metadata (will be included in webhook notification messages if provided)
To use the state parameters, the state is to be defined in JSON and encoded into Base64.
Callback
1
https://client-server.com/callback?code=1745ee387c3545b2b77bf37baaf3b3f5&state=cmVjZWlwdGhlcm9yb2Nrcw==
Copied!
The client must make sure that the state matches the provided state value provided to the authorization endpoint. This protects against CSRF type of attacks. The code expires one minute after it has been created.

Exchange the authorization code for an access token

The client sends the previously received authorization code to the token endpoint which then returns an access token.
Request
1
POST https://api.dev.receipthero.io/api/oauth/token
2
3
Content-Type: application/json
4
5
{
6
"grant_type": "authorization_code",
7
"code": "{CODE_HERE}",
8
"client_id": "{CLIENT_ID_HERE}",
9
"client_secret": "{CLIENT_SECRET_HERE}",
10
"redirect_uri": "{REDIRECT_URI_HERE}"
11
}
Copied!
The request can be made in either application/json or application/x-www-form-urlencoded.
Response
1
{
2
"token_type": "Bearer",
3
"access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJyZWNlaXB0X2hlcm9faWQiOiI5Mjg5OTZmZC0yYTU3LTQ1NzctYjZlNy01ODNhZGM4ZGJlOGMiLCJpYXQiOjE2MjM3NDEwMDh9.gD17UFHxJoEmz_RrIHBQksjqgotyncoO8fDYurYPI2k"
4
}
Copied!
The returned access token is a JSON Web Token.
In Token you get ID for this connection.
Claims
Claim
Description
receipthero_id
Unique identifier

Revoke Access Token

1
DELETE https://api.dev.receipthero.io/api/oauth/revoke
2
Host: api.dev.receipthero.io
3
Authorization: Bearer <USERS_OAUTH_TOKEN>
Copied!
Response OK
1
HTTP 200 OK
2
Content-Type: application/json
Copied!
Response Not Found
1
HTTP 404 Not Found
2
Content-Type: application/json
Copied!

Update existing OAuth2 connection

It is possible to update an existing OAuth2 connection by using this dedicated view.
1
https://dev.receipthero.io/membership?receipthero_id={receipthero_id}&redirect_uri={redirect_uri}
Copied!
Query Parameters
Scope
Description
receipthero_id
Unique connection identifier (contained in the JWT token)
redirect_uri
The URI where the user is redirected after taking actions on the connection update view
Redirect
The user is redirected back with the following query string parameters:
Parameter
Description
status
Describes the user action. Possible values are 'cancelled', 'modified' and 'removed'
receipthero_id
Unique connection identifier
Partner App API - Previous
Authentication
Next - Partner App API
GET Receipt
Last modified 5mo ago
Copy link
Contents
Get an authorization code
Exchange the authorization code for an access token
Revoke Access Token
Update existing OAuth2 connection