Creating authorization URLs
The authorization URL is the first step in the OAuth 2.0 flow. It directs merchants to Yoco’s authorization server, where they can authenticate and grant your application permission to access their data.
Authorization server endpoints
Use these endpoints based on your environment:
The examples below reference the Sandbox URL. Update as needed for your environment.
URL structure and parameters
Your authorization URL should follow this format:
The parameters in the URL must be URL-encoded.
Required parameters
- client_id: Your application’s unique identifier from the developer console
- response_type: Must be
code
for the authorization code flow - scope: Space-separated list of permissions (URL-encoded)
- redirect_uri: Must exactly match the URL configured in your application
- state: Random value for CSRF protection
Scopes
See the complete OAuth scopes documentation for all available options.
State parameter
State parameter management (generation, storage, and verification) is your application’s responsibility as part of CSRF protection.